ID CVE-2014-8601
Summary PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it.
References
Vulnerable Configurations
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • PowerDNS Recursor 3.6.1
    cpe:2.3:a:powerdns:recursor:3.6.1
CVSS
Base: 5.0 (as of 02-09-2016 - 20:42)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family DNS
    NASL id POWERDNS_RECURSOR_3_6_2.NASL
    description According to its self-reported version number, the version of the PowerDNS Recursor listening on the remote host is version 3.x prior to 3.6.2. It is, therefore, affected by a denial of service vulnerability due to the lack of limiting delegation chaining. A remote attacker can exploit this vulnerability, via a large or infinite number of referrals, to cause resource exhaustion, resulting in a denial of service condition. Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number. Also, Nessus has not checked for the presence of the patch.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 87951
    published 2016-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87951
    title PowerDNS Recursor 3.x < 3.6.2 Recursive Referral Handling DoS
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3096.NASL
    description Florian Maury from ANSSI discovered a flaw in pdns-recursor, a recursive DNS server : a remote attacker controlling maliciously-constructed zones or a rogue server could affect the performance of pdns-recursor, thus leading to resource exhaustion and a potential denial-of-service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79883
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79883
    title Debian DSA-3096-1 : pdns-recursor - security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-798.NASL
    description This pdns-recursor version update fixes the following security issue and non secuirty issues. Update to upstream release 3.6.2. - boo#906583: Degraded service through queries to queries to specific domains (CVE-2014-8601) - Fixed broken _localstatedir Update to upstream release 3.6.1. - gab14b4f: expedite servfail generation for ezdns-like failures (fully abort query resolving if we hit more than 50 outqueries) - g42025be: PowerDNS now polls the security status of a release at startup and periodically. More detail on this feature, and how to turn it off, can be found in Section 2, 'Security polling'. - g5027429: We did not transmit the right 'local' socket address to Lua for TCP/IP queries in the recursor. In addition, we would attempt to lookup a filedescriptor that wasn't there in an unlocked map which could conceivably lead to crashes. Closes t1828, thanks Winfried for reporting - g752756c: Sync embedded yahttp copy. API: Replace HTTP Basic auth with static key in custom header - g6fdd40d: add missing #include to rec-channel.hh (this fixes building on OS X). - sync permissions/ownership of home and config dir with the pdns package - added systemd support for 12.3 and newer Update to upstrean release 3.5.3. - This is a bugfix and performance update to 3.5.2. It brings serious performance improvements for dual stack users. For all the details see http://doc.powerdns.com/html/changelog.html#changelog-re cursor-3.5.3 - Remove patch (pdns-recursor-3.3_config.patch) - Add patch (pdns-recursor-3.5.3_config.patch) Update to upstrean release 3.5.2. - Responses without the QR bit set now get matched up to an outstanding query, so that resolution can be aborted early instead of waiting for a timeout. - The depth limiter changes in 3.5.1 broke some legal domains with lots of indirection. - Slightly improved logging to aid debugging. Update to upstream version 3.5.1. - This is a stability and bugfix update to 3.5. It contains important fixes that improve operation for certain domains. This is a stability, security and bugfix update to 3.3/3.3.1. It contains important fixes for slightly broken domain names, which your users expect to work anyhow. For all details see http://doc.powerdns.com/html/changelog.html#changelog-re cursor-3.5.1 - adapted patches: pdns-rec-lua52.patch pdns-recursor-3.5.1_config.patch - fixed conditional for different lua versions - started some basic support to build packages for non suse distros
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 80211
    published 2014-12-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80211
    title openSUSE Security Update : pdns-recursor (openSUSE-SU-2014:1685-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-104.NASL
    description Florian Maury from ANSSI discovered a flaw in pdns-recursor, a recursive DNS server : a remote attacker controlling maliciously-constructed zones or a rogue server could affect the performance of pdns-recursor, thus leading to resource exhaustion and a potential denial of service. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 82088
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82088
    title Debian DLA-104-1 : pdns-recursor security update
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-33.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-33 (PowerDNS Recursor: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PowerDNS Recursor. Please review the CVE identifiers and PowerDNS blog post referenced below for details. Impact : A remote attacker may be able to send specially crafted packets, possibly resulting in arbitrary code execution or a Denial of Service condition. Furthermore, a remote attacker may be able to spoof DNS data. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2017-10-02
    plugin id 80210
    published 2014-12-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80210
    title GLSA-201412-33 : PowerDNS Recursor: Multiple vulnerabilities
refmap via4
bid 71545
cert-vn VU#264212
confirm http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/
debian DSA-3096
misc http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html
sectrack 1031310
Last major update 06-09-2016 - 10:30
Published 10-12-2014 - 10:59
Back to Top