ID CVE-2014-8601
Summary PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it.
References
Vulnerable Configurations
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.1.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.6.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 06-09-2016 - 14:30)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 71545
cert-vn VU#264212
confirm http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/
debian DSA-3096
misc http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html
sectrack 1031310
Last major update 06-09-2016 - 14:30
Published 10-12-2014 - 15:59
Last modified 06-09-2016 - 14:30