ID CVE-2016-5426
Summary PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname.
References
Vulnerable Configurations
  • PowerDNS Authoritative 3.4.9
    cpe:2.3:a:powerdns:authoritative:3.4.9
CVSS
Base: 5.0 (as of 21-09-2016 - 15:01)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1103.NASL
    description This update for pdns fixes the following issues: - CVE-2016-5426, CVE-2016-5427: Fix case where crafted queries can cause unexpected backend load. (boo#998159)
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 93699
    published 2016-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93699
    title openSUSE Security Update : pdns (openSUSE-2016-1103)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3664.NASL
    description Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2016-5426 / CVE-2016-5427 Florian Heinz and Martin Kluge reported that the PowerDNS Authoritative Server accepts queries with a qname's length larger than 255 bytes and does not properly handle dot inside labels. A remote, unauthenticated attacker can take advantage of these flaws to cause abnormal load on the PowerDNS backend by sending specially crafted DNS queries, potentially leading to a denial of service. - CVE-2016-6172 It was reported that a malicious primary DNS server can crash a secondary PowerDNS server due to improper restriction of zone size limits. This update adds a feature to limit AXFR sizes in response to this flaw.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 93419
    published 2016-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93419
    title Debian DSA-3664-1 : pdns - security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-627.NASL
    description Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-5426 / CVE-2016-5427 Florian Heinz and Martin Kluge reported that the PowerDNS Authoritative Server accepts queries with a qname's length larger than 255 bytes and does not properly handle dot inside labels. A remote, unauthenticated attacker can take advantage of these flaws to cause abnormal load on the PowerDNS backend by sending specially crafted DNS queries, potentially leading to a denial of service. CVE-2016-6172 It was reported that a malicious primary DNS server can crash a secondary PowerDNS server due to improper restriction of zone size limits. This update adds a feature to limit AXFR sizes in response to this flaw. For Debian 7 'Wheezy', these problems have been fixed in version 3.1-4.1+deb7u2. We recommend that you upgrade your pdns packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 93567
    published 2016-09-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93567
    title Debian DLA-627-1 : pdns security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-EFFFCC7AEC.NASL
    description - Update to 3.4.10 - CVE-2016-5426, CVE-2016-5427 Security advisory: https://docs.powerdns.com/md/security/powerdns-advisory-2016-01/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 93890
    published 2016-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93890
    title Fedora 23 : pdns (2016-efffcc7aec)
refmap via4
bid 92917
confirm
debian DSA-3664
mlist [oss-security] 20160909 PowerDNS Security Advisory 2016-01: Crafted queries can cause unexpected backend load
sectrack 1036761
Last major update 06-01-2017 - 22:00
Published 21-09-2016 - 10:25
Last modified 12-08-2017 - 21:29