ID CVE-2016-2120
Summary An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10 and 4.0.1 that allows an authorized user to crash the server by inserting a specially crafted record in a zone under their control and then sending a DNS query for that record. The issue is due to an integer overflow when checking whether the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.
References
Vulnerable Configurations
  • PowerDNS Authoritative 3.4.10
    cpe:2.3:a:powerdns:authoritative:3.4.10
  • PowerDNS Authoritative 4.0.0
    cpe:2.3:a:powerdns:authoritative:4.0.0
  • PowerDNS Authoritative 4.0.0 Alpha 1
    cpe:2.3:a:powerdns:authoritative:4.0.0:alpha1
  • PowerDNS Authoritative 4.0.0 Alpha 2
    cpe:2.3:a:powerdns:authoritative:4.0.0:alpha2
  • PowerDNS Authoritative 4.0.0 Alpha 3
    cpe:2.3:a:powerdns:authoritative:4.0.0:alpha3
  • PowerDNS Authoritative 4.0.0 Beta 1
    cpe:2.3:a:powerdns:authoritative:4.0.0:beta1
  • PowerDNS Authoritative 4.0.0 Release Candidate 1
    cpe:2.3:a:powerdns:authoritative:4.0.0:rc1
  • PowerDNS Authoritative 4.0.0 Release Candidate 2
    cpe:2.3:a:powerdns:authoritative:4.0.0:rc2
  • PowerDNS Authoritative 4.0.1
    cpe:2.3:a:powerdns:authoritative:4.0.1
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
CVSS
Base: 4.0
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset, such as the size of a memory allocation or similar. The attacker would typically control the value of such a variable and try to push it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, providing a very incorrect value that can lead to unexpected behavior. At worst, the attacker can execute arbitrary code.
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_E3200958DD6C11E6AE1B002590263BF5.NASL
    description PowerDNS reports :
      • 2016-02: Crafted queries can cause abnormal CPU usage
      • 2016-03: Denial of service via the web server
      • 2016-04: Insufficient validation of TSIG signatures
      • 2016-05: Crafted zone record can cause a denial of service
    last seen 2018-11-24
    modified 2018-11-23
    plugin id 96620
    published 2017-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96620
    title FreeBSD : powerdns -- multiple vulnerabilities (e3200958-dd6c-11e6-ae1b-002590263bf5)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-CBD5501D31.NASL
    description
      • Update to 4.0.3
      • Security fix for CVE-2016-2120, CVE-2016-7068, CVE-2016-7072, CVE-2016-7073, CVE-2016-7074
      • Release notes 4.0.2: https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-4 02
      • Release notes 4.0.3: https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-4 03
    Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 96849
    published 2017-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96849
    title Fedora 25 : pdns (2017-cbd5501d31)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-112.NASL
    description This update for pdns fixes the following issues :
      • CVE-2016-2120: Crafted zone record could have caused a denial of service (bsc#1018329).
      • CVE-2016-7068: Crafted queries could have caused abnormal CPU usage (bsc#1018326).
      • CVE-2016-7072: Denial of service via the web server (bsc#1018327).
      • CVE-2016-7073: Fixed insufficient validation of TSIG signatures (bsc#1018328).
      • CVE-2016-7074: Fixed insufficient validation of TSIG signatures (bsc#1018328).
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 96583
    published 2017-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96583
    title openSUSE Security Update : pdns (openSUSE-2017-112)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-798.NASL
    description Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The Common Vulnerabilities and Exposures project identifies the following problems :
      • CVE-2016-2120: Mathieu Lafon discovered that pdns does not properly validate records in zones. An authorized user can take advantage of this flaw to crash the server by inserting a specially crafted record in a zone under their control and then sending a DNS query for that record.
      • CVE-2016-7068: Florian Heinz and Martin Kluge reported that pdns parses all records present in a query regardless of whether they are needed or even legitimate, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the pdns server, resulting in a partial denial of service if the system becomes overloaded.
      • CVE-2016-7072: Mongo discovered that the webserver in pdns is susceptible to a denial of service vulnerability, allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server.
      • CVE-2016-7073 / CVE-2016-7074: Mongo discovered that pdns does not sufficiently validate TSIG signatures, allowing an attacker in a man-in-the-middle position to alter the content of an AXFR.
    For Debian 7 'Wheezy', these problems have been fixed in version 3.1-4.1+deb7u3. We recommend that you upgrade your pdns packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 96779
    published 2017-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96779
    title Debian DLA-798-1 : pdns security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-8308BC2A6E.NASL
    description Security fix for CVE-2016-2120, CVE-2016-7068, CVE-2016-7072, CVE-2016-7073, CVE-2016-7074 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 96738
    published 2017-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96738
    title Fedora 24 : pdns-recursor (2017-8308bc2a6e)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-C1AE4335E5.NASL
    description Security fix for CVE-2016-2120, CVE-2016-7068, CVE-2016-7072, CVE-2016-7073, CVE-2016-7074 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 96739
    published 2017-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96739
    title Fedora 25 : pdns-recursor (2017-c1ae4335e5)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3764.NASL
    description Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The Common Vulnerabilities and Exposures project identifies the following problems :
      • CVE-2016-2120: Mathieu Lafon discovered that pdns does not properly validate records in zones. An authorized user can take advantage of this flaw to crash the server by inserting a specially crafted record in a zone under their control and then sending a DNS query for that record.
      • CVE-2016-7068: Florian Heinz and Martin Kluge reported that pdns parses all records present in a query regardless of whether they are needed or even legitimate, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the pdns server, resulting in a partial denial of service if the system becomes overloaded.
      • CVE-2016-7072: Mongo discovered that the webserver in pdns is susceptible to a denial-of-service vulnerability, allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server.
      • CVE-2016-7073 / CVE-2016-7074: Mongo discovered that pdns does not sufficiently validate TSIG signatures, allowing an attacker in a man-in-the-middle position to alter the content of an AXFR.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 96497
    published 2017-01-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96497
    title Debian DSA-3764-1 : pdns - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-BB0B9DDF27.NASL
    description
      • Update to 4.0.3
      • Security fix for CVE-2016-2120, CVE-2016-7068, CVE-2016-7072, CVE-2016-7073, CVE-2016-7074
      • Release notes 4.0.2: https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-4 02
      • Release notes 4.0.3: https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-4 03
    Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 96897
    published 2017-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96897
    title Fedora 24 : pdns (2017-bb0b9ddf27)
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120
debian DSA-3764
Last major update 01-11-2018 - 09:29
Published 01-11-2018 - 09:29
Last modified 29-01-2019 - 09:54