All the vulnerabilites related to PowerDNS - PowerDNS
cve-2005-0428
Vulnerability from cvelistv5
Published
2005-02-15 05:00
Modified
2024-08-07 21:13
Severity ?
EPSS score ?
Summary
The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/19221 | vdb-entry, x_refsource_XF | |
| http://www.gentoo.org/security/en/glsa/glsa-200502-15.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/12446 | vdb-entry, x_refsource_BID | |
| http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-17 | x_refsource_CONFIRM | |
| http://ds9a.nl/cgi-bin/cvstrac/pdns/tktview?tn=21 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "powerdns-random-bytes-dos(19221)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19221"
},
{
"name": "GLSA-200502-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-15.xml"
},
{
"name": "12446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12446"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ds9a.nl/cgi-bin/cvstrac/pdns/tktview?tn=21"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "powerdns-random-bytes-dos(19221)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19221"
},
{
"name": "GLSA-200502-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-15.xml"
},
{
"name": "12446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12446"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ds9a.nl/cgi-bin/cvstrac/pdns/tktview?tn=21"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "powerdns-random-bytes-dos(19221)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19221"
},
{
"name": "GLSA-200502-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-15.xml"
},
{
"name": "12446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12446"
},
{
"name": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-17",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-17"
},
{
"name": "http://ds9a.nl/cgi-bin/cvstrac/pdns/tktview?tn=21",
"refsource": "MISC",
"url": "http://ds9a.nl/cgi-bin/cvstrac/pdns/tktview?tn=21"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0428",
"datePublished": "2005-02-15T05:00:00",
"dateReserved": "2005-02-15T00:00:00",
"dateUpdated": "2024-08-07T21:13:54.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0038
Vulnerability from cvelistv5
Published
2006-04-28 01:00
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/13729 | vdb-entry, x_refsource_BID | |
| http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en | x_refsource_MISC | |
| http://www.osvdb.org/25291 | vdb-entry, x_refsource_OSVDB | |
| http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "13729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13729"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en"
},
{
"name": "25291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25291"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-06-05T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "13729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13729"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en"
},
{
"name": "25291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25291"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13729"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en"
},
{
"name": "25291",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25291"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0038",
"datePublished": "2006-04-28T01:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-07T20:57:40.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-2069
Vulnerability from cvelistv5
Published
2006-04-27 10:00
Modified
2024-08-07 17:35
Severity ?
EPSS score ?
Summary
The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/17711 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26100 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/19831 | third-party-advisory, x_refsource_SECUNIA | |
| http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html | vendor-advisory, x_refsource_SUSE | |
| http://secunia.com/advisories/20117 | third-party-advisory, x_refsource_SECUNIA | |
| http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-0-1 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2006/1527 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:35:31.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17711",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17711"
},
{
"name": "powerdns-recursor-ednso-dos(26100)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26100"
},
{
"name": "19831",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19831"
},
{
"name": "SUSE-SR:2006:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"name": "20117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20117"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-0-1"
},
{
"name": "ADV-2006-1527",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1527"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17711",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17711"
},
{
"name": "powerdns-recursor-ednso-dos(26100)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26100"
},
{
"name": "19831",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19831"
},
{
"name": "SUSE-SR:2006:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"name": "20117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20117"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-0-1"
},
{
"name": "ADV-2006-1527",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1527"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17711",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17711"
},
{
"name": "powerdns-recursor-ednso-dos(26100)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26100"
},
{
"name": "19831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19831"
},
{
"name": "SUSE-SR:2006:010",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"name": "20117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20117"
},
{
"name": "http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-0-1",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-0-1"
},
{
"name": "ADV-2006-1527",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1527"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2069",
"datePublished": "2006-04-27T10:00:00",
"dateReserved": "2006-04-26T00:00:00",
"dateUpdated": "2024-08-07T17:35:31.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2302
Vulnerability from cvelistv5
Published
2005-07-19 04:00
Modified
2024-08-07 22:22
Severity ?
EPSS score ?
Summary
PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion.
References
| ▼ | URL | Tags |
|---|---|---|
| http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18 | x_refsource_CONFIRM | |
| http://www.novell.com/linux/security/advisories/2005_19_sr.html | vendor-advisory, x_refsource_SUSE | |
| http://marc.info/?l=bugtraq&m=112155941310297&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://securitytracker.com/id?1014504 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:48.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18"
},
{
"name": "SUSE-SR:2005:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
},
{
"name": "20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112155941310297\u0026w=2"
},
{
"name": "1014504",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014504"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a \"blank out\" of answers to those clients that are allowed to use recursion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18"
},
{
"name": "SUSE-SR:2005:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
},
{
"name": "20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112155941310297\u0026w=2"
},
{
"name": "1014504",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014504"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a \"blank out\" of answers to those clients that are allowed to use recursion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18"
},
{
"name": "SUSE-SR:2005:019",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
},
{
"name": "20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112155941310297\u0026w=2"
},
{
"name": "1014504",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014504"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2302",
"datePublished": "2005-07-19T04:00:00",
"dateReserved": "2005-07-19T00:00:00",
"dateUpdated": "2024-08-07T22:22:48.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2301
Vulnerability from cvelistv5
Published
2005-07-19 04:00
Modified
2024-08-07 22:22
Severity ?
EPSS score ?
Summary
PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18 | x_refsource_CONFIRM | |
| http://www.novell.com/linux/security/advisories/2005_19_sr.html | vendor-advisory, x_refsource_SUSE | |
| http://marc.info/?l=bugtraq&m=112155941310297&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://securitytracker.com/id?1014504 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/14290 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:48.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18"
},
{
"name": "SUSE-SR:2005:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
},
{
"name": "20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112155941310297\u0026w=2"
},
{
"name": "1014504",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014504"
},
{
"name": "14290",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14290"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18"
},
{
"name": "SUSE-SR:2005:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
},
{
"name": "20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112155941310297\u0026w=2"
},
{
"name": "1014504",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014504"
},
{
"name": "14290",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14290"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18"
},
{
"name": "SUSE-SR:2005:019",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
},
{
"name": "20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112155941310297\u0026w=2"
},
{
"name": "1014504",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014504"
},
{
"name": "14290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14290"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2301",
"datePublished": "2005-07-19T04:00:00",
"dateReserved": "2005-07-19T00:00:00",
"dateUpdated": "2024-08-07T22:22:48.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5277
Vulnerability from cvelistv5
Published
2008-12-09 00:00
Modified
2024-08-07 10:49
Severity ?
EPSS score ?
Summary
PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query.
References
| ▼ | URL | Tags |
|---|---|---|
| http://doc.powerdns.com/powerdns-advisory-2008-03.html | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1021304 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/33264 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/47076 | vdb-entry, x_refsource_XF | |
| http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/32627 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/32979 | third-party-advisory, x_refsource_SECUNIA | |
| http://security.gentoo.org/glsa/glsa-200812-19.xml | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:11.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2008-03.html"
},
{
"name": "1021304",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021304"
},
{
"name": "33264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33264"
},
{
"name": "powerdns-chhinfo-dos(47076)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47076"
},
{
"name": "SUSE-SR:2008:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
},
{
"name": "32627",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32627"
},
{
"name": "32979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32979"
},
{
"name": "GLSA-200812-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2008-03.html"
},
{
"name": "1021304",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021304"
},
{
"name": "33264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33264"
},
{
"name": "powerdns-chhinfo-dos(47076)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47076"
},
{
"name": "SUSE-SR:2008:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
},
{
"name": "32627",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32627"
},
{
"name": "32979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32979"
},
{
"name": "GLSA-200812-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://doc.powerdns.com/powerdns-advisory-2008-03.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/powerdns-advisory-2008-03.html"
},
{
"name": "1021304",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021304"
},
{
"name": "33264",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33264"
},
{
"name": "powerdns-chhinfo-dos(47076)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47076"
},
{
"name": "SUSE-SR:2008:027",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
},
{
"name": "32627",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32627"
},
{
"name": "32979",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32979"
},
{
"name": "GLSA-200812-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5277",
"datePublished": "2008-12-09T00:00:00",
"dateReserved": "2008-11-28T00:00:00",
"dateUpdated": "2024-08-07T10:49:11.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15090
Vulnerability from cvelistv5
Published
2018-01-23 15:00
Modified
2024-09-16 18:38
Severity ?
EPSS score ?
Summary
An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.
References
| ▼ | URL | Tags |
|---|---|---|
| https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/101982 | vdb-entry, x_refsource_BID |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:14.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html"
},
{
"name": "101982",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerDNS",
"vendor": "PowerDNS",
"versions": [
{
"status": "affected",
"version": "from 4.0.0 and up to and including 4.0.6"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-24T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html"
},
{
"name": "101982",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101982"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-11-27T00:00:00",
"ID": "CVE-2017-15090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerDNS",
"version": {
"version_data": [
{
"version_value": "from 4.0.0 and up to and including 4.0.6"
}
]
}
}
]
},
"vendor_name": "PowerDNS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html"
},
{
"name": "101982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101982"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15090",
"datePublished": "2018-01-23T15:00:00Z",
"dateReserved": "2017-10-08T00:00:00",
"dateUpdated": "2024-09-16T18:38:21.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3337
Vulnerability from cvelistv5
Published
2008-08-08 19:00
Modified
2024-08-07 09:37
Severity ?
EPSS score ?
Summary
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "FEDORA-2008-7048",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"name": "31401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31401"
},
{
"name": "30587",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30587"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31687"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "31448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31448"
},
{
"name": "DSA-1628",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"name": "33264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33264"
},
{
"name": "FEDORA-2008-7083",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
},
{
"name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"name": "powerdns-query-weak-security(44253)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"name": "GLSA-200812-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"name": "31407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31407"
},
{
"name": "ADV-2008-2320",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "FEDORA-2008-7048",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"name": "31401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31401"
},
{
"name": "30587",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30587"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31687"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "31448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31448"
},
{
"name": "DSA-1628",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"name": "33264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33264"
},
{
"name": "FEDORA-2008-7083",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
},
{
"name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"name": "powerdns-query-weak-security(44253)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"name": "GLSA-200812-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"name": "31407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31407"
},
{
"name": "ADV-2008-2320",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2008:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "FEDORA-2008-7048",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"name": "31401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31401"
},
{
"name": "30587",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30587"
},
{
"name": "31687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31687"
},
{
"name": "http://doc.powerdns.com/changelog.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "31448",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31448"
},
{
"name": "DSA-1628",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"name": "http://doc.powerdns.com/powerdns-advisory-2008-02.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"name": "33264",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33264"
},
{
"name": "FEDORA-2008-7083",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
},
{
"name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released",
"refsource": "MLIST",
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"name": "powerdns-query-weak-security(44253)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"name": "GLSA-200812-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"name": "31407",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31407"
},
{
"name": "ADV-2008-2320",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3337",
"datePublished": "2008-08-08T19:00:00",
"dateReserved": "2008-07-27T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-200512-0641
Vulnerability from variot
The DNS implementation of DNRD before 2.10 allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. Incorrect decoding of malformed DNS packets causes certain DNS implementations to hang or crash. Multiple DNS vendors are susceptible to a remote denial-of-service vulnerability. This issue affects both DNS servers and clients. This issue arises when an affected application handles a specially crafted DNS message. A successful attack would crash the affected client or server.
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/
TITLE: Cisco Various Products Compressed DNS Messages Denial of Service
SECUNIA ADVISORY ID: SA15472
VERIFY ADVISORY: http://secunia.com/advisories/15472/
CRITICAL: Less critical
IMPACT: DoS
WHERE:
From remote
OPERATING SYSTEM: Cisco ATA 180 Series Analog Telephone Adaptors http://secunia.com/product/2810/
SOFTWARE: Cisco IP Phone 7900 Series http://secunia.com/product/2809/ Cisco ACNS Software Version 5.x http://secunia.com/product/2268/ Cisco ACNS Software Version 4.x http://secunia.com/product/2269/ Cisco Unity Express 2.x http://secunia.com/product/5151/
DESCRIPTION: A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the DNS implementation during the decompression of compressed DNS messages and can be exploited via a specially crafted DNS packet containing invalid information in the compressed section.
Successful exploitation crashes a vulnerable device or causes it to function abnormally.
The vulnerability affects the following products: * Cisco IP Phones 7902/7905/7912 * Cisco ATA (Analog Telephone Adaptor) 186/188 * Cisco Unity Express
The following Cisco ACNS (Application and Content Networking System) devices are also affected: * Cisco 500 Series Content Engines * Cisco 7300 Series Content Engines * Cisco Content Routers 4400 series * Cisco Content Distribution Manager 4600 series * Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and 3800 series Integrated Service Routers.
SOLUTION: See patch matrix in vendor advisory for information about fixes. http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml#software
PROVIDED AND/OR DISCOVERED BY: NISCC credits Dr. Steve Beaty.
ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml
NISCC: http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0641",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dnrd",
"scope": "eq",
"trust": 1.9,
"vendor": "dnrd",
"version": "2.9"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.9,
"vendor": "dnrd",
"version": "2.8"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.9,
"vendor": "dnrd",
"version": "2.7"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.9,
"vendor": "dnrd",
"version": "2.6"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.9,
"vendor": "dnrd",
"version": "2.5"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.9,
"vendor": "dnrd",
"version": "2.4"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.9,
"vendor": "dnrd",
"version": "2.3"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.9,
"vendor": "dnrd",
"version": "2.2"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.9,
"vendor": "dnrd",
"version": "2.1"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.9,
"vendor": "dnrd",
"version": "2.0"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.3,
"vendor": "dnrd",
"version": "1.4"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.3,
"vendor": "dnrd",
"version": "1.3"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.3,
"vendor": "dnrd",
"version": "1.2"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.3,
"vendor": "dnrd",
"version": "1.1"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.3,
"vendor": "dnrd",
"version": "1.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ethereal",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tcpdump",
"version": null
},
{
"model": "application \u0026 content networking software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "2.9.16"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "2.9.15"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "2.8"
},
{
"model": "rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "2.0"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.10"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.2"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.6"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.5"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.4"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.3"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.2"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.5.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.4.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.3.4"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.3.3"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "7.9.11"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "7.8.2"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "7.8.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "7.8.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "7.7.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "7.7.0"
},
{
"model": "unity express",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "subscriber edge services manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(1)"
},
{
"model": "subscriber edge services manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2(2)"
},
{
"model": "subscriber edge services manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2(1)"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "79120"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7905"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7902"
},
{
"model": "content router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4450"
},
{
"model": "content router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44304.1"
},
{
"model": "content router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44304.0"
},
{
"model": "content router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4430"
},
{
"model": "content engine module for cisco router series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3800"
},
{
"model": "content engine module for cisco router series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3700"
},
{
"model": "content engine module for cisco router series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3600"
},
{
"model": "content engine module for cisco router series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2800"
},
{
"model": "content engine module for cisco router series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2600"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7325"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "73204.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "73204.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "73203.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "73202.2.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7320"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5904.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5904.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5903.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5902.2.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "590"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "565"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5604.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5604.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5603.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5602.2.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "560"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "510"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5074.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5074.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5073.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5072.2.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "507"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4670"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "46504.1"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "46504.0"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4650"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "46304.1"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "46304.0"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4630"
},
{
"model": "ata-188",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ata-186",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.3.9"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.1.7"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.13.7"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.11.6"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.17.6"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.5"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.3"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.1"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.11"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.9"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.7"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.3"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.1"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.3"
},
{
"model": "powerdns",
"scope": "ne",
"trust": 0.3,
"vendor": "powerdns",
"version": "2.9.17"
},
{
"model": "dnrd",
"scope": "ne",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.18"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.11.1"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.11"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.6"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.5"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.4"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.3"
},
{
"model": "subscriber edge services manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(2)"
},
{
"model": "application \u0026 content networking software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3.3"
},
{
"model": "application \u0026 content networking software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.7"
},
{
"model": "application \u0026 content networking software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.15"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "BID",
"id": "13729"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-731"
},
{
"db": "NVD",
"id": "CVE-2005-0037"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Dr. Steve Beaty from the Department of Mathematical and Computer Sciences at the Metropolitan State College of Denver.",
"sources": [
{
"db": "BID",
"id": "13729"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-731"
}
],
"trust": 0.9
},
"cve": "CVE-2005-0037",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2005-0037",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-0037",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#23495",
"trust": 0.8,
"value": "41.92"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-731",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-731"
},
{
"db": "NVD",
"id": "CVE-2005-0037"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The DNS implementation of DNRD before 2.10 allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. Incorrect decoding of malformed DNS packets causes certain DNS implementations to hang or crash. Multiple DNS vendors are susceptible to a remote denial-of-service vulnerability. This issue affects both DNS servers and clients. \nThis issue arises when an affected application handles a specially crafted DNS message. \nA successful attack would crash the affected client or server. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco Various Products Compressed DNS Messages Denial of Service\n\nSECUNIA ADVISORY ID:\nSA15472\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15472/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nCisco ATA 180 Series Analog Telephone Adaptors\nhttp://secunia.com/product/2810/\n\nSOFTWARE:\nCisco IP Phone 7900 Series\nhttp://secunia.com/product/2809/\nCisco ACNS Software Version 5.x\nhttp://secunia.com/product/2268/\nCisco ACNS Software Version 4.x\nhttp://secunia.com/product/2269/\nCisco Unity Express 2.x\nhttp://secunia.com/product/5151/\n\nDESCRIPTION:\nA vulnerability has been reported in various Cisco products, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService). \n\nThe vulnerability is caused due to an error in the DNS implementation\nduring the decompression of compressed DNS messages and can be\nexploited via a specially crafted DNS packet containing invalid\ninformation in the compressed section. \n\nSuccessful exploitation crashes a vulnerable device or causes it to\nfunction abnormally. \n\nThe vulnerability affects the following products:\n* Cisco IP Phones 7902/7905/7912\n* Cisco ATA (Analog Telephone Adaptor) 186/188\n* Cisco Unity Express\n\nThe following Cisco ACNS (Application and Content Networking System)\ndevices are also affected:\n* Cisco 500 Series Content Engines\n* Cisco 7300 Series Content Engines\n* Cisco Content Routers 4400 series\n* Cisco Content Distribution Manager 4600 series\n* Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and\n3800 series Integrated Service Routers. \n\nSOLUTION:\nSee patch matrix in vendor advisory for information about fixes. \nhttp://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml#software\n\nPROVIDED AND/OR DISCOVERED BY:\nNISCC credits Dr. Steve Beaty. \n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml\n\nNISCC:\nhttp://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0037"
},
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "BID",
"id": "13729"
},
{
"db": "PACKETSTORM",
"id": "37713"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "13729",
"trust": 2.7
},
{
"db": "NVD",
"id": "CVE-2005-0037",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "25291",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "15472",
"trust": 0.9
},
{
"db": "SECTRACK",
"id": "1014043",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014044",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014045",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014046",
"trust": 0.8
},
{
"db": "BID",
"id": "1165",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#23495",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200512-731",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "37713",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "BID",
"id": "13729"
},
{
"db": "PACKETSTORM",
"id": "37713"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-731"
},
{
"db": "NVD",
"id": "CVE-2005-0037"
}
]
},
"id": "VAR-200512-0641",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3638431
},
"last_update_date": "2024-11-23T22:04:38.707000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0037"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/13729"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/25291"
},
{
"trust": 1.6,
"url": "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en"
},
{
"trust": 1.2,
"url": "http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/15472/"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/1165"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/l-015.shtml"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/id?1014046"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/id?1014045"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/id?1014044"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/id?1014043"
},
{
"trust": 0.8,
"url": "http://www.ethereal.com"
},
{
"trust": 0.8,
"url": "http://www.tcpdump.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2810/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5151/"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml#software"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2268/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2269/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2809/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "BID",
"id": "13729"
},
{
"db": "PACKETSTORM",
"id": "37713"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-731"
},
{
"db": "NVD",
"id": "CVE-2005-0037"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "BID",
"id": "13729"
},
{
"db": "PACKETSTORM",
"id": "37713"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-731"
},
{
"db": "NVD",
"id": "CVE-2005-0037"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-06-18T00:00:00",
"db": "CERT/CC",
"id": "VU#23495"
},
{
"date": "2005-05-24T00:00:00",
"db": "BID",
"id": "13729"
},
{
"date": "2005-05-29T20:22:44",
"db": "PACKETSTORM",
"id": "37713"
},
{
"date": "2005-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-731"
},
{
"date": "2005-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2005-0037"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-11-15T00:00:00",
"db": "CERT/CC",
"id": "VU#23495"
},
{
"date": "2016-07-06T14:40:00",
"db": "BID",
"id": "13729"
},
{
"date": "2010-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-731"
},
{
"date": "2024-11-20T23:54:16.360000",
"db": "NVD",
"id": "CVE-2005-0037"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-731"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DNS implementations vulnerable to denial-of-service attacks via malformed DNS queries",
"sources": [
{
"db": "CERT/CC",
"id": "VU#23495"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "13729"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-731"
}
],
"trust": 0.9
}
}
var-200512-0640
Vulnerability from variot
The DNS implementation in DeleGate 8.10.2 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. Note that some other DNS packet processing systems have the issues related to this vulnerability. Multiple DNS vendors are susceptible to a remote denial-of-service vulnerability. This issue affects both DNS servers and clients. This issue arises when an affected application handles a specially crafted DNS message. A successful attack would crash the affected client or server.
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/
TITLE: Cisco Various Products Compressed DNS Messages Denial of Service
SECUNIA ADVISORY ID: SA15472
VERIFY ADVISORY: http://secunia.com/advisories/15472/
CRITICAL: Less critical
IMPACT: DoS
WHERE:
From remote
OPERATING SYSTEM: Cisco ATA 180 Series Analog Telephone Adaptors http://secunia.com/product/2810/
SOFTWARE: Cisco IP Phone 7900 Series http://secunia.com/product/2809/ Cisco ACNS Software Version 5.x http://secunia.com/product/2268/ Cisco ACNS Software Version 4.x http://secunia.com/product/2269/ Cisco Unity Express 2.x http://secunia.com/product/5151/
DESCRIPTION: A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to cause a DoS (Denial of Service).
Successful exploitation crashes a vulnerable device or causes it to function abnormally.
The vulnerability affects the following products: * Cisco IP Phones 7902/7905/7912 * Cisco ATA (Analog Telephone Adaptor) 186/188 * Cisco Unity Express
The following Cisco ACNS (Application and Content Networking System) devices are also affected: * Cisco 500 Series Content Engines * Cisco 7300 Series Content Engines * Cisco Content Routers 4400 series * Cisco Content Distribution Manager 4600 series * Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and 3800 series Integrated Service Routers.
SOLUTION: See patch matrix in vendor advisory for information about fixes. http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml#software
PROVIDED AND/OR DISCOVERED BY: NISCC credits Dr. Steve Beaty.
ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml
NISCC: http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0640",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.10.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.10"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.9.6"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.9.5"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.9.4"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.9.3"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.9.2"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.9.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.9"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.5.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.4.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.3.4"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.3.3"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "7.9.11"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "7.8.2"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "7.8.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "7.8.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "7.7.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "7.7.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.0,
"vendor": "delegate",
"version": "5.9.3"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.0,
"vendor": "etl",
"version": "6.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.0,
"vendor": "etl",
"version": "5.9"
},
{
"model": "delegate",
"scope": "lte",
"trust": 1.0,
"vendor": "delegate",
"version": "8.10.2"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.9,
"vendor": "delegate",
"version": "8.10.2"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ethereal",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tcpdump",
"version": null
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.8,
"vendor": "delegate",
"version": "8.10.2 and eariler"
},
{
"model": "application \u0026 content networking software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "2.9.16"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "2.9.15"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "2.8"
},
{
"model": "rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "2.0"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.10"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.9"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.8"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.7"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.6"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.5"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.4"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.3"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.2"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.1"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.0"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "1.4"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "1.3"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "1.2"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "1.1"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "1.0"
},
{
"model": "unity express",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "subscriber edge services manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(1)"
},
{
"model": "subscriber edge services manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2(2)"
},
{
"model": "subscriber edge services manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2(1)"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "79120"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7905"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7902"
},
{
"model": "content router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4450"
},
{
"model": "content router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44304.1"
},
{
"model": "content router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44304.0"
},
{
"model": "content router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4430"
},
{
"model": "content engine module for cisco router series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3800"
},
{
"model": "content engine module for cisco router series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3700"
},
{
"model": "content engine module for cisco router series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3600"
},
{
"model": "content engine module for cisco router series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2800"
},
{
"model": "content engine module for cisco router series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2600"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7325"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "73204.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "73204.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "73203.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "73202.2.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7320"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5904.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5904.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5903.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5902.2.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "590"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "565"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5604.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5604.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5603.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5602.2.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "560"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "510"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5074.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5074.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5073.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5072.2.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "507"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4670"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "46504.1"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "46504.0"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4650"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "46304.1"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "46304.0"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4630"
},
{
"model": "ata-188",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ata-186",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.3.9"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.1.7"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.13.7"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.11.6"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.17.6"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.5"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.3"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.1"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.11"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.9"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.7"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.3"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.1"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.3"
},
{
"model": "powerdns",
"scope": "ne",
"trust": 0.3,
"vendor": "powerdns",
"version": "2.9.17"
},
{
"model": "dnrd",
"scope": "ne",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.18"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.11.1"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.11"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.6"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.5"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.4"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.3"
},
{
"model": "subscriber edge services manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(2)"
},
{
"model": "application \u0026 content networking software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3.3"
},
{
"model": "application \u0026 content networking software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.7"
},
{
"model": "application \u0026 content networking software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.15"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "BID",
"id": "13729"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000343"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-967"
},
{
"db": "NVD",
"id": "CVE-2005-0036"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:delegate:delegate",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000343"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Dr. Steve Beaty from the Department of Mathematical and Computer Sciences at the Metropolitan State College of Denver.",
"sources": [
{
"db": "BID",
"id": "13729"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-967"
}
],
"trust": 0.9
},
"cve": "CVE-2005-0036",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2005-0036",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-0036",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#23495",
"trust": 0.8,
"value": "41.92"
},
{
"author": "NVD",
"id": "CVE-2005-0036",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-967",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2005-0036",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "VULMON",
"id": "CVE-2005-0036"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000343"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-967"
},
{
"db": "NVD",
"id": "CVE-2005-0036"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The DNS implementation in DeleGate 8.10.2 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. Note that some other DNS packet processing systems have the issues related to this vulnerability. Multiple DNS vendors are susceptible to a remote denial-of-service vulnerability. This issue affects both DNS servers and clients. \nThis issue arises when an affected application handles a specially crafted DNS message. \nA successful attack would crash the affected client or server. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco Various Products Compressed DNS Messages Denial of Service\n\nSECUNIA ADVISORY ID:\nSA15472\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15472/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nCisco ATA 180 Series Analog Telephone Adaptors\nhttp://secunia.com/product/2810/\n\nSOFTWARE:\nCisco IP Phone 7900 Series\nhttp://secunia.com/product/2809/\nCisco ACNS Software Version 5.x\nhttp://secunia.com/product/2268/\nCisco ACNS Software Version 4.x\nhttp://secunia.com/product/2269/\nCisco Unity Express 2.x\nhttp://secunia.com/product/5151/\n\nDESCRIPTION:\nA vulnerability has been reported in various Cisco products, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService). \n\nSuccessful exploitation crashes a vulnerable device or causes it to\nfunction abnormally. \n\nThe vulnerability affects the following products:\n* Cisco IP Phones 7902/7905/7912\n* Cisco ATA (Analog Telephone Adaptor) 186/188\n* Cisco Unity Express\n\nThe following Cisco ACNS (Application and Content Networking System)\ndevices are also affected:\n* Cisco 500 Series Content Engines\n* Cisco 7300 Series Content Engines\n* Cisco Content Routers 4400 series\n* Cisco Content Distribution Manager 4600 series\n* Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and\n3800 series Integrated Service Routers. \n\nSOLUTION:\nSee patch matrix in vendor advisory for information about fixes. \nhttp://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml#software\n\nPROVIDED AND/OR DISCOVERED BY:\nNISCC credits Dr. Steve Beaty. \n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml\n\nNISCC:\nhttp://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0036"
},
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000343"
},
{
"db": "BID",
"id": "13729"
},
{
"db": "VULMON",
"id": "CVE-2005-0036"
},
{
"db": "PACKETSTORM",
"id": "37713"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "13729",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2005-0036",
"trust": 2.8
},
{
"db": "OSVDB",
"id": "25291",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "15472",
"trust": 0.9
},
{
"db": "SECTRACK",
"id": "1014043",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014044",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014045",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014046",
"trust": 0.8
},
{
"db": "BID",
"id": "1165",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#23495",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000343",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200512-967",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2005-0036",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "37713",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "VULMON",
"id": "CVE-2005-0036"
},
{
"db": "BID",
"id": "13729"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000343"
},
{
"db": "PACKETSTORM",
"id": "37713"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-967"
},
{
"db": "NVD",
"id": "CVE-2005-0036"
}
]
},
"id": "VAR-200512-0640",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3638431
},
"last_update_date": "2024-11-23T22:04:38.597000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.delegate.org/delegate/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000343"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0036"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.securityfocus.com/bid/13729"
},
{
"trust": 2.9,
"url": "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html"
},
{
"trust": 1.7,
"url": "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/25291"
},
{
"trust": 1.2,
"url": "http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/15472/"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/1165"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/l-015.shtml"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/id?1014046"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/id?1014045"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/id?1014044"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/id?1014043"
},
{
"trust": 0.8,
"url": "http://www.ethereal.com"
},
{
"trust": 0.8,
"url": "http://www.tcpdump.org"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0036"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20050524-00432.xml"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2005/0610"
},
{
"trust": 0.8,
"url": "http://jvn.jp/niscc/niscc-589088/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-0036"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/docs/re-20050524-00432.pdf?lang=en"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=9258"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2810/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5151/"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml#software"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2268/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2269/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2809/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "VULMON",
"id": "CVE-2005-0036"
},
{
"db": "BID",
"id": "13729"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000343"
},
{
"db": "PACKETSTORM",
"id": "37713"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-967"
},
{
"db": "NVD",
"id": "CVE-2005-0036"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "VULMON",
"id": "CVE-2005-0036"
},
{
"db": "BID",
"id": "13729"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000343"
},
{
"db": "PACKETSTORM",
"id": "37713"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-967"
},
{
"db": "NVD",
"id": "CVE-2005-0036"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-06-18T00:00:00",
"db": "CERT/CC",
"id": "VU#23495"
},
{
"date": "2005-12-31T00:00:00",
"db": "VULMON",
"id": "CVE-2005-0036"
},
{
"date": "2005-05-24T00:00:00",
"db": "BID",
"id": "13729"
},
{
"date": "2008-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000343"
},
{
"date": "2005-05-29T20:22:44",
"db": "PACKETSTORM",
"id": "37713"
},
{
"date": "2005-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-967"
},
{
"date": "2005-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2005-0036"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-11-15T00:00:00",
"db": "CERT/CC",
"id": "VU#23495"
},
{
"date": "2008-09-05T00:00:00",
"db": "VULMON",
"id": "CVE-2005-0036"
},
{
"date": "2016-07-06T14:40:00",
"db": "BID",
"id": "13729"
},
{
"date": "2008-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000343"
},
{
"date": "2010-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-967"
},
{
"date": "2024-11-20T23:54:16.217000",
"db": "NVD",
"id": "CVE-2005-0036"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-967"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DNS implementations vulnerable to denial-of-service attacks via malformed DNS queries",
"sources": [
{
"db": "CERT/CC",
"id": "VU#23495"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "13729"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-967"
}
],
"trust": 0.9
}
}
var-200512-0639
Vulnerability from variot
The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. Incorrect decoding of malformed DNS packets causes certain DNS implementations to hang or crash. Multiple DNS vendors are susceptible to a remote denial-of-service vulnerability. This issue affects both DNS servers and clients. This issue arises when an affected application handles a specially crafted DNS message. A successful attack would crash the affected client or server.
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/
TITLE: Cisco Various Products Compressed DNS Messages Denial of Service
SECUNIA ADVISORY ID: SA15472
VERIFY ADVISORY: http://secunia.com/advisories/15472/
CRITICAL: Less critical
IMPACT: DoS
WHERE:
From remote
OPERATING SYSTEM: Cisco ATA 180 Series Analog Telephone Adaptors http://secunia.com/product/2810/
SOFTWARE: Cisco IP Phone 7900 Series http://secunia.com/product/2809/ Cisco ACNS Software Version 5.x http://secunia.com/product/2268/ Cisco ACNS Software Version 4.x http://secunia.com/product/2269/ Cisco Unity Express 2.x http://secunia.com/product/5151/
DESCRIPTION: A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the DNS implementation during the decompression of compressed DNS messages and can be exploited via a specially crafted DNS packet containing invalid information in the compressed section.
Successful exploitation crashes a vulnerable device or causes it to function abnormally.
The vulnerability affects the following products: * Cisco IP Phones 7902/7905/7912 * Cisco ATA (Analog Telephone Adaptor) 186/188 * Cisco Unity Express
The following Cisco ACNS (Application and Content Networking System) devices are also affected: * Cisco 500 Series Content Engines * Cisco 7300 Series Content Engines * Cisco Content Routers 4400 series * Cisco Content Distribution Manager 4600 series * Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and 3800 series Integrated Service Routers.
SOLUTION: See patch matrix in vendor advisory for information about fixes. http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml#software
PROVIDED AND/OR DISCOVERED BY: NISCC credits Dr. Steve Beaty.
ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml
NISCC: http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0639",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "powerdns",
"scope": "eq",
"trust": 1.9,
"vendor": "powerdns",
"version": "2.9.15"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "2.9.4"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "2.9.5"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "2.9.6"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "2.9.14"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "2.9.8"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "2.9.3a"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "2.9.7"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "2.9.2"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 1.3,
"vendor": "powerdns",
"version": "2.8"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "2.9.12"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "2.9.13"
},
{
"model": "powerdns",
"scope": "lte",
"trust": 1.0,
"vendor": "powerdns",
"version": "2.9.16"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "2.9.10"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "2.9.0"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "2.0_rc1"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "2.9.11"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "2.9.1"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.9,
"vendor": "powerdns",
"version": "2.9.16"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ethereal",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tcpdump",
"version": null
},
{
"model": "application \u0026 content networking software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "2.0"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.10"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.9"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.8"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.7"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.6"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.5"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.4"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.3"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.2"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.1"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.0"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "1.4"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "1.3"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "1.2"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "1.1"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "1.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.2"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.6"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.5"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.4"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.3"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.2"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.5.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.4.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.3.4"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.3.3"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "7.9.11"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "7.8.2"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "7.8.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "7.8.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "7.7.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "7.7.0"
},
{
"model": "unity express",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "subscriber edge services manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(1)"
},
{
"model": "subscriber edge services manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2(2)"
},
{
"model": "subscriber edge services manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2(1)"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "79120"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7905"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7902"
},
{
"model": "content router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4450"
},
{
"model": "content router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44304.1"
},
{
"model": "content router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44304.0"
},
{
"model": "content router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4430"
},
{
"model": "content engine module for cisco router series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3800"
},
{
"model": "content engine module for cisco router series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3700"
},
{
"model": "content engine module for cisco router series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3600"
},
{
"model": "content engine module for cisco router series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2800"
},
{
"model": "content engine module for cisco router series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2600"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7325"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "73204.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "73204.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "73203.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "73202.2.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7320"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5904.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5904.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5903.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5902.2.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "590"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "565"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5604.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5604.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5603.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5602.2.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "560"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "510"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5074.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5074.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5073.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5072.2.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "507"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4670"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "46504.1"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "46504.0"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4650"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "46304.1"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "46304.0"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4630"
},
{
"model": "ata-188",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ata-186",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.3.9"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.1.7"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.13.7"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.11.6"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.17.6"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.5"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.3"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.1"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.11"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.9"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.7"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.3"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.1"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.3"
},
{
"model": "powerdns",
"scope": "ne",
"trust": 0.3,
"vendor": "powerdns",
"version": "2.9.17"
},
{
"model": "dnrd",
"scope": "ne",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.18"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.11.1"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.11"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.6"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.5"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.4"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.3"
},
{
"model": "subscriber edge services manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(2)"
},
{
"model": "application \u0026 content networking software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3.3"
},
{
"model": "application \u0026 content networking software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.7"
},
{
"model": "application \u0026 content networking software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.15"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "BID",
"id": "13729"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-776"
},
{
"db": "NVD",
"id": "CVE-2005-0038"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Dr. Steve Beaty from the Department of Mathematical and Computer Sciences at the Metropolitan State College of Denver.",
"sources": [
{
"db": "BID",
"id": "13729"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-776"
}
],
"trust": 0.9
},
"cve": "CVE-2005-0038",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2005-0038",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-0038",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#23495",
"trust": 0.8,
"value": "41.92"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-776",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-776"
},
{
"db": "NVD",
"id": "CVE-2005-0038"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. Incorrect decoding of malformed DNS packets causes certain DNS implementations to hang or crash. Multiple DNS vendors are susceptible to a remote denial-of-service vulnerability. This issue affects both DNS servers and clients. \nThis issue arises when an affected application handles a specially crafted DNS message. \nA successful attack would crash the affected client or server. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco Various Products Compressed DNS Messages Denial of Service\n\nSECUNIA ADVISORY ID:\nSA15472\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15472/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nCisco ATA 180 Series Analog Telephone Adaptors\nhttp://secunia.com/product/2810/\n\nSOFTWARE:\nCisco IP Phone 7900 Series\nhttp://secunia.com/product/2809/\nCisco ACNS Software Version 5.x\nhttp://secunia.com/product/2268/\nCisco ACNS Software Version 4.x\nhttp://secunia.com/product/2269/\nCisco Unity Express 2.x\nhttp://secunia.com/product/5151/\n\nDESCRIPTION:\nA vulnerability has been reported in various Cisco products, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService). \n\nThe vulnerability is caused due to an error in the DNS implementation\nduring the decompression of compressed DNS messages and can be\nexploited via a specially crafted DNS packet containing invalid\ninformation in the compressed section. \n\nSuccessful exploitation crashes a vulnerable device or causes it to\nfunction abnormally. \n\nThe vulnerability affects the following products:\n* Cisco IP Phones 7902/7905/7912\n* Cisco ATA (Analog Telephone Adaptor) 186/188\n* Cisco Unity Express\n\nThe following Cisco ACNS (Application and Content Networking System)\ndevices are also affected:\n* Cisco 500 Series Content Engines\n* Cisco 7300 Series Content Engines\n* Cisco Content Routers 4400 series\n* Cisco Content Distribution Manager 4600 series\n* Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and\n3800 series Integrated Service Routers. \n\nSOLUTION:\nSee patch matrix in vendor advisory for information about fixes. \nhttp://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml#software\n\nPROVIDED AND/OR DISCOVERED BY:\nNISCC credits Dr. Steve Beaty. \n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml\n\nNISCC:\nhttp://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0038"
},
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "BID",
"id": "13729"
},
{
"db": "PACKETSTORM",
"id": "37713"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "13729",
"trust": 2.7
},
{
"db": "NVD",
"id": "CVE-2005-0038",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "25291",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "15472",
"trust": 0.9
},
{
"db": "SECTRACK",
"id": "1014043",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014044",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014045",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014046",
"trust": 0.8
},
{
"db": "BID",
"id": "1165",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#23495",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200512-776",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "37713",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "BID",
"id": "13729"
},
{
"db": "PACKETSTORM",
"id": "37713"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-776"
},
{
"db": "NVD",
"id": "CVE-2005-0038"
}
]
},
"id": "VAR-200512-0639",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3638431
},
"last_update_date": "2024-11-23T22:04:38.637000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0038"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/13729"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/25291"
},
{
"trust": 1.6,
"url": "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en"
},
{
"trust": 1.2,
"url": "http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/15472/"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/1165"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/l-015.shtml"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/id?1014046"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/id?1014045"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/id?1014044"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/id?1014043"
},
{
"trust": 0.8,
"url": "http://www.ethereal.com"
},
{
"trust": 0.8,
"url": "http://www.tcpdump.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2810/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5151/"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml#software"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2268/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2269/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2809/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "BID",
"id": "13729"
},
{
"db": "PACKETSTORM",
"id": "37713"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-776"
},
{
"db": "NVD",
"id": "CVE-2005-0038"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "BID",
"id": "13729"
},
{
"db": "PACKETSTORM",
"id": "37713"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-776"
},
{
"db": "NVD",
"id": "CVE-2005-0038"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-06-18T00:00:00",
"db": "CERT/CC",
"id": "VU#23495"
},
{
"date": "2005-05-24T00:00:00",
"db": "BID",
"id": "13729"
},
{
"date": "2005-05-29T20:22:44",
"db": "PACKETSTORM",
"id": "37713"
},
{
"date": "2005-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-776"
},
{
"date": "2005-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2005-0038"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-11-15T00:00:00",
"db": "CERT/CC",
"id": "VU#23495"
},
{
"date": "2016-07-06T14:40:00",
"db": "BID",
"id": "13729"
},
{
"date": "2010-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-776"
},
{
"date": "2024-11-20T23:54:16.503000",
"db": "NVD",
"id": "CVE-2005-0038"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-776"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DNS implementations vulnerable to denial-of-service attacks via malformed DNS queries",
"sources": [
{
"db": "CERT/CC",
"id": "VU#23495"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "13729"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-776"
}
],
"trust": 0.9
}
}
var-200512-0860
Vulnerability from variot
Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset. Incorrect decoding of malformed DNS packets causes certain DNS implementations to hang or crash. Multiple DNS vendors are susceptible to a remote denial-of-service vulnerability. This issue affects both DNS servers and clients. This issue arises when an affected application handles a specially crafted DNS message. A successful attack would crash the affected client or server.
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/
TITLE: Cisco Various Products Compressed DNS Messages Denial of Service
SECUNIA ADVISORY ID: SA15472
VERIFY ADVISORY: http://secunia.com/advisories/15472/
CRITICAL: Less critical
IMPACT: DoS
WHERE:
From remote
OPERATING SYSTEM: Cisco ATA 180 Series Analog Telephone Adaptors http://secunia.com/product/2810/
SOFTWARE: Cisco IP Phone 7900 Series http://secunia.com/product/2809/ Cisco ACNS Software Version 5.x http://secunia.com/product/2268/ Cisco ACNS Software Version 4.x http://secunia.com/product/2269/ Cisco Unity Express 2.x http://secunia.com/product/5151/
DESCRIPTION: A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the DNS implementation during the decompression of compressed DNS messages and can be exploited via a specially crafted DNS packet containing invalid information in the compressed section.
Successful exploitation crashes a vulnerable device or causes it to function abnormally.
The vulnerability affects the following products: * Cisco IP Phones 7902/7905/7912 * Cisco ATA (Analog Telephone Adaptor) 186/188 * Cisco Unity Express
The following Cisco ACNS (Application and Content Networking System) devices are also affected: * Cisco 500 Series Content Engines * Cisco 7300 Series Content Engines * Cisco Content Routers 4400 series * Cisco Content Distribution Manager 4600 series * Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and 3800 series Integrated Service Routers.
SOLUTION: See patch matrix in vendor advisory for information about fixes. http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml#software
PROVIDED AND/OR DISCOVERED BY: NISCC credits Dr. Steve Beaty.
ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml
NISCC: http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0860",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ata",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "188"
},
{
"model": "ata",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "186"
},
{
"model": "subscriber edge services manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "unity express",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "ip phone 7912",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "ip phone 7902",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "ip phone 7905",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "application and content networking software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "unity express",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ethereal",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tcpdump",
"version": null
},
{
"model": "application \u0026 content networking software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "subscriber edge services manager",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone 7902",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "application and content networking software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone 7905",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone 7912",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "2.9.16"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "2.9.15"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "2.8"
},
{
"model": "rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "2.0"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.10"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.9"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.8"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.7"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.6"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.5"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.4"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.3"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.2"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.1"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.0"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "1.4"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "1.3"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "1.2"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "1.1"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 0.3,
"vendor": "dnrd",
"version": "1.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.2"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.6"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.5"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.4"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.3"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.2"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.5.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.4.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.3.4"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.3.3"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "7.9.11"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "7.8.2"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "7.8.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "7.8.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "7.7.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "7.7.0"
},
{
"model": "subscriber edge services manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(1)"
},
{
"model": "subscriber edge services manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2(2)"
},
{
"model": "subscriber edge services manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2(1)"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "79120"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7905"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7902"
},
{
"model": "content router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4450"
},
{
"model": "content router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44304.1"
},
{
"model": "content router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44304.0"
},
{
"model": "content router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4430"
},
{
"model": "content engine module for cisco router series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3800"
},
{
"model": "content engine module for cisco router series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3700"
},
{
"model": "content engine module for cisco router series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3600"
},
{
"model": "content engine module for cisco router series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2800"
},
{
"model": "content engine module for cisco router series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2600"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7325"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "73204.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "73204.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "73203.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "73202.2.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7320"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5904.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5904.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5903.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5902.2.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "590"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "565"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5604.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5604.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5603.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5602.2.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "560"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "510"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5074.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5074.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5073.1"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5072.2.0"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "507"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4670"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "46504.1"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "46504.0"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4650"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "46304.1"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "46304.0"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4630"
},
{
"model": "ata-188",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ata-186",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.3.9"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.1.7"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.13.7"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.11.6"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.17.6"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.5"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.3"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.1"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.11"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.9"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.7"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.3"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.1"
},
{
"model": "application \u0026 content networking software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.3"
},
{
"model": "powerdns",
"scope": "ne",
"trust": 0.3,
"vendor": "powerdns",
"version": "2.9.17"
},
{
"model": "dnrd",
"scope": "ne",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.18"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.11.1"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.11"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.6"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.5"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.4"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.3"
},
{
"model": "subscriber edge services manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(2)"
},
{
"model": "application \u0026 content networking software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3.3"
},
{
"model": "application \u0026 content networking software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.7"
},
{
"model": "application \u0026 content networking software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.15"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "BID",
"id": "13729"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-642"
},
{
"db": "NVD",
"id": "CVE-2005-4794"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Dr. Steve Beaty from the Department of Mathematical and Computer Sciences at the Metropolitan State College of Denver.",
"sources": [
{
"db": "BID",
"id": "13729"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-642"
}
],
"trust": 0.9
},
"cve": "CVE-2005-4794",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2005-4794",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-16002",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-4794",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#23495",
"trust": 0.8,
"value": "41.92"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-642",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-16002",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "VULHUB",
"id": "VHN-16002"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-642"
},
{
"db": "NVD",
"id": "CVE-2005-4794"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset. Incorrect decoding of malformed DNS packets causes certain DNS implementations to hang or crash. Multiple DNS vendors are susceptible to a remote denial-of-service vulnerability. This issue affects both DNS servers and clients. \nThis issue arises when an affected application handles a specially crafted DNS message. \nA successful attack would crash the affected client or server. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco Various Products Compressed DNS Messages Denial of Service\n\nSECUNIA ADVISORY ID:\nSA15472\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15472/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nCisco ATA 180 Series Analog Telephone Adaptors\nhttp://secunia.com/product/2810/\n\nSOFTWARE:\nCisco IP Phone 7900 Series\nhttp://secunia.com/product/2809/\nCisco ACNS Software Version 5.x\nhttp://secunia.com/product/2268/\nCisco ACNS Software Version 4.x\nhttp://secunia.com/product/2269/\nCisco Unity Express 2.x\nhttp://secunia.com/product/5151/\n\nDESCRIPTION:\nA vulnerability has been reported in various Cisco products, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService). \n\nThe vulnerability is caused due to an error in the DNS implementation\nduring the decompression of compressed DNS messages and can be\nexploited via a specially crafted DNS packet containing invalid\ninformation in the compressed section. \n\nSuccessful exploitation crashes a vulnerable device or causes it to\nfunction abnormally. \n\nThe vulnerability affects the following products:\n* Cisco IP Phones 7902/7905/7912\n* Cisco ATA (Analog Telephone Adaptor) 186/188\n* Cisco Unity Express\n\nThe following Cisco ACNS (Application and Content Networking System)\ndevices are also affected:\n* Cisco 500 Series Content Engines\n* Cisco 7300 Series Content Engines\n* Cisco Content Routers 4400 series\n* Cisco Content Distribution Manager 4600 series\n* Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and\n3800 series Integrated Service Routers. \n\nSOLUTION:\nSee patch matrix in vendor advisory for information about fixes. \nhttp://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml#software\n\nPROVIDED AND/OR DISCOVERED BY:\nNISCC credits Dr. Steve Beaty. \n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml\n\nNISCC:\nhttp://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-4794"
},
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "BID",
"id": "13729"
},
{
"db": "VULHUB",
"id": "VHN-16002"
},
{
"db": "PACKETSTORM",
"id": "37713"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "13729",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "15472",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1014043",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1014044",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1014045",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1014046",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2005-4794",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1015975",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "19003",
"trust": 1.7
},
{
"db": "BID",
"id": "1165",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#23495",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200512-642",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20050524 CRAFTED DNS PACKET CAN CAUSE DENIAL OF SERVICE",
"trust": 0.6
},
{
"db": "XF",
"id": "20712",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-16002",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "37713",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "VULHUB",
"id": "VHN-16002"
},
{
"db": "BID",
"id": "13729"
},
{
"db": "PACKETSTORM",
"id": "37713"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-642"
},
{
"db": "NVD",
"id": "CVE-2005-4794"
}
]
},
"id": "VAR-200512-0860",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-16002"
}
],
"trust": 0.6152548999999999
},
"last_update_date": "2024-11-23T22:04:38.671000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-4794"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html"
},
{
"trust": 2.9,
"url": "http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/13729"
},
{
"trust": 1.7,
"url": "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/19003"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1014043"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1014044"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1014045"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1014046"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1015975"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/15472"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20712"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/15472/"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/1165"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/l-015.shtml"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/id?1014046"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/id?1014045"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/id?1014044"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/id?1014043"
},
{
"trust": 0.8,
"url": "http://www.ethereal.com"
},
{
"trust": 0.8,
"url": "http://www.tcpdump.org"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/20712"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2810/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5151/"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml#software"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2268/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2269/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2809/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "VULHUB",
"id": "VHN-16002"
},
{
"db": "BID",
"id": "13729"
},
{
"db": "PACKETSTORM",
"id": "37713"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-642"
},
{
"db": "NVD",
"id": "CVE-2005-4794"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#23495"
},
{
"db": "VULHUB",
"id": "VHN-16002"
},
{
"db": "BID",
"id": "13729"
},
{
"db": "PACKETSTORM",
"id": "37713"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-642"
},
{
"db": "NVD",
"id": "CVE-2005-4794"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-06-18T00:00:00",
"db": "CERT/CC",
"id": "VU#23495"
},
{
"date": "2005-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-16002"
},
{
"date": "2005-05-24T00:00:00",
"db": "BID",
"id": "13729"
},
{
"date": "2005-05-29T20:22:44",
"db": "PACKETSTORM",
"id": "37713"
},
{
"date": "2005-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-642"
},
{
"date": "2005-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2005-4794"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-11-15T00:00:00",
"db": "CERT/CC",
"id": "VU#23495"
},
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-16002"
},
{
"date": "2016-07-06T14:40:00",
"db": "BID",
"id": "13729"
},
{
"date": "2006-05-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-642"
},
{
"date": "2024-11-21T00:05:11.867000",
"db": "NVD",
"id": "CVE-2005-4794"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-642"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DNS implementations vulnerable to denial-of-service attacks via malformed DNS queries",
"sources": [
{
"db": "CERT/CC",
"id": "VU#23495"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "13729"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-642"
}
],
"trust": 0.9
}
}
var-201001-0677
Vulnerability from variot
Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows remote attackers to spoof DNS data via crafted zones. PowerDNS Recursor is a high performance recursive name server. A remote attacker can trick PowerDNS Recursor into accepting malicious data. The server may incorrectly add records to its cache during parsing of recursive client queries. This is a case of cache poisoning. DNS cache poisoning refers to changing an item in the DNS cache of the DNS server so that the IP address associated with the host name in the cache no longer points to the correct location. For example, if www.example.com maps to the IP address 192.168.0.1 and the mapping exists in the DNS server's cache, an attacker who successfully poisons the server's DNS cache can map www.example.com to 10.0. 0.1. In this case, a user attempting to access www.example.com may contact the wrong web server. PowerDNS is prone to a remote cache-poisoning vulnerability. An attacker can exploit this issue to divert data from a legitimate site to an attacker-specified site. Successful exploits will allow the attacker to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks. PowerDNS 3.1.7.1 and earlier are vulnerable. (Note that the etch version of pdns-recursor was not vulnerable to CVE-2009-4009.)
Extra care should be applied when installing this update. Major differences in internal domain name processing made backporting just the security fix too difficult.
For more information: SA38004
SOLUTION: Apply updated packages using the yum utility ("yum update pdns-recursor"). ----------------------------------------------------------------------
Accurate Vulnerability Scanning No more false positives, no more false negatives
http://secunia.com/vulnerability_scanning/
TITLE: PowerDNS Recursor Spoofing and Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA38004
VERIFY ADVISORY: http://secunia.com/advisories/38004/
DESCRIPTION: Some vulnerabilities have been reported in PowerDNS Recursor, which can be exploited by malicious people to conduct spoofing attacks and potentially compromise a vulnerable system.
1) An unspecified error exists when handling certain specially crafted packets, which can be exploited to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerabilities are reported in PowerDNS Recursor version 3.1.7.1 and prior. PowerDNS Authoritative ('pdns_server') is not affected.
SOLUTION: Update to version 3.1.7.2. http://www.powerdns.com/en/downloads.aspx
PROVIDED AND/OR DISCOVERED BY: The vendor credits anonymous third parties.
ORIGINAL ADVISORY: 1) http://doc.powerdns.com/powerdns-advisory-2010-01.html 2) http://doc.powerdns.com/powerdns-advisory-2010-02.html
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-33
http://security.gentoo.org/
Severity: High Title: PowerDNS Recursor: Multiple vulnerabilities Date: December 22, 2014 Bugs: #299942, #404377, #514946, #531992 ID: 201412-33
Synopsis
Multiple vulnerabilities have been found in PowerDNS Recursor, the worst of which may allow execution of arbitrary code.
Background
PowerDNS Recursor is a high-end, high-performance resolving name server
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/pdns-recursor < 3.6.1-r1 >= 3.6.1-r1
Description
Multiple vulnerabilities have been discovered in PowerDNS Recursor. Please review the CVE identifiers and PowerDNS blog post referenced below for details.
Impact
A remote attacker may be able to send specially crafted packets, possibly resulting in arbitrary code execution or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All PowerDNS Recursor users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/pdns-recursor-3.6.1-r1"=
References
[ 1 ] CVE-2009-4009 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4009 [ 2 ] CVE-2009-4010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4010 [ 3 ] CVE-2012-1193 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1193 [ 4 ] CVE-2014-8601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8601 [ 5 ] Related to recent DoS attacks: Recursor configuration file guidance
http://blog.powerdns.com/2014/02/06/related-to-recent-dos-attacks-recurso= r-configuration-file-guidance/
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-33.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-1968-1 security@debian.org http://www.debian.org/security/ Florian Weimer January 08, 2010 http://www.debian.org/security/faq
Package : pdns-recursor Vulnerability : several Problem type : remote Debian-specific: no CVE Id(s) : CVE-2009-4009 CVE-2009-4010
It was discovered that pdns-recursor, the PowerDNS recursive name server, contains several vulnerabilities:
A buffer overflow can be exploited to crash the daemon, or potentially execute arbitrary code (CVE-2009-4009).
For the old stable distribution (etch), fixed packages will be provided soon.
For the stable distribution (lenny), these problems have been fixed in version 3.1.7-1+lenny1.
For the unstable distribution (sid), these problems have been fixed in version 3.1.7.2-1.
We recommend that you upgrade your pdns-recursor package.
Upgrade instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
Source archives:
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7.orig.tar.gz Size/MD5 checksum: 211760 38c58fef666685d6756da97baf9b4d51 http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1.dsc Size/MD5 checksum: 1654 fff9beb43eec355ca42d93d53c1ce299 http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1.diff.gz Size/MD5 checksum: 14769 8794fecd11f1b014592e2a36d40aaaf6
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_alpha.deb Size/MD5 checksum: 545726 dc05fab76c0fcb051b9a428cfa126061
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_amd64.deb Size/MD5 checksum: 440822 365fc4da2fd1770f8e62f1a3a0046231
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_i386.deb Size/MD5 checksum: 440686 ac26d27658892619ce539921796bce67
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_ia64.deb Size/MD5 checksum: 631308 f80c2d28ee6d9ebdbf6cad177c8fbddd
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_powerpc.deb Size/MD5 checksum: 463434 f0bba833d4231bb2237433373e888a12
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_s390.deb Size/MD5 checksum: 428138 994a5190fa0f73b49252bee0a695fb4d
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
iQEcBAEBAgAGBQJLR6jtAAoJEL97/wQC1SS+RxkH/0esg7lQO3qDCRJw32DPNjI0 zlHI6Z6jvWyhYnitqfrzuXdgU18Nq5txdLvJlllQOtxVOnwXAaVOSHCELc0c4i2D DC0JLWGm43n6RBxEteJsx83xN5yucVg4c7KvSjDM2lHkcOnXL+Z6Qz93pFgoL9wF x6uBdBBV3+YqrvHvl8hV0fHQPyMYvE6x2sJ5eBm6bluXCPgNYviFtiCTx1HUUTBn csGvkDSX81vFe07AKWr41ZiC0p5vesyJC4V6ljB2l9UWPLGT1pKZSuByfdNYMgvV guGTqguJzcjaoQ8Cn619Rmqn513N8itRyIqb8gI9E+YmcizBIdLHDi4JSsD/ikA= =XCaJ -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201001-0677",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "recursor",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "3.1.7"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "2.9.17"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "3.1.7.1"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "2.9.15"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "2.8"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "2.0_rc1"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "3.1.5"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "3.1.4"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "3.1.6"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "2.9.16"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "3.1"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "2.9.18"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "3.1.2"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "3.0.1"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "3.0"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "3.1.1"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "3.1.3"
},
{
"model": "recursor",
"scope": "lte",
"trust": 1.0,
"vendor": "powerdns",
"version": "3.1.7.2"
},
{
"model": "recursor",
"scope": "lt",
"trust": 0.8,
"vendor": "powerdns",
"version": "3.1.7.2"
},
{
"model": "hat fedora",
"scope": "eq",
"trust": 0.6,
"vendor": "red",
"version": "16"
},
{
"model": "recursor",
"scope": "eq",
"trust": 0.6,
"vendor": "powerdns",
"version": "3.1.7.2"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.2"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.0"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.1.7.1"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.1.7"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.1.6"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.1.5"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.1.4"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.1.3"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.1.2"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.1.1"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.0.1"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.0"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.1"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "powerdns",
"scope": "ne",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.1.7.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-5502"
},
{
"db": "BID",
"id": "37653"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005035"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-052"
},
{
"db": "NVD",
"id": "CVE-2009-4010"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:powerdns:recursor",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005035"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "bert hubert bert.hubert@netherlabs.nl",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201001-052"
}
],
"trust": 0.6
},
"cve": "CVE-2009-4010",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2009-4010",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2010-5502",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-4010",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-4010",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2010-5502",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201001-052",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-5502"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005035"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-052"
},
{
"db": "NVD",
"id": "CVE-2009-4010"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows remote attackers to spoof DNS data via crafted zones. PowerDNS Recursor is a high performance recursive name server. A remote attacker can trick PowerDNS Recursor into accepting malicious data. The server may incorrectly add records to its cache during parsing of recursive client queries. This is a case of cache poisoning. DNS cache poisoning refers to changing an item in the DNS cache of the DNS server so that the IP address associated with the host name in the cache no longer points to the correct location. For example, if www.example.com maps to the IP address 192.168.0.1 and the mapping exists in the DNS server\u0027s cache, an attacker who successfully poisons the server\u0027s DNS cache can map www.example.com to 10.0. 0.1. In this case, a user attempting to access www.example.com may contact the wrong web server. PowerDNS is prone to a remote cache-poisoning vulnerability. \nAn attacker can exploit this issue to divert data from a legitimate site to an attacker-specified site. \nSuccessful exploits will allow the attacker to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks. \nPowerDNS 3.1.7.1 and earlier are vulnerable. (Note that the\netch version of pdns-recursor was not vulnerable to CVE-2009-4009.)\n\nExtra care should be applied when installing this update. Major differences in internal domain name processing made\nbackporting just the security fix too difficult. \n\nFor more information:\nSA38004\n\nSOLUTION:\nApply updated packages using the yum utility (\"yum update\npdns-recursor\"). ----------------------------------------------------------------------\n\n\n\nAccurate Vulnerability Scanning\nNo more false positives, no more false negatives\n\nhttp://secunia.com/vulnerability_scanning/\n\n\n\n----------------------------------------------------------------------\n\nTITLE:\nPowerDNS Recursor Spoofing and Buffer Overflow Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA38004\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/38004/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in PowerDNS Recursor, which\ncan be exploited by malicious people to conduct spoofing attacks and\npotentially compromise a vulnerable system. \n\n1) An unspecified error exists when handling certain specially\ncrafted packets, which can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerabilities are reported in PowerDNS Recursor version 3.1.7.1\nand prior. PowerDNS Authoritative (\u0027pdns_server\u0027) is not affected. \n\nSOLUTION:\nUpdate to version 3.1.7.2. \nhttp://www.powerdns.com/en/downloads.aspx\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits anonymous third parties. \n\nORIGINAL ADVISORY:\n1) http://doc.powerdns.com/powerdns-advisory-2010-01.html\n2) http://doc.powerdns.com/powerdns-advisory-2010-02.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201412-33\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: PowerDNS Recursor: Multiple vulnerabilities\n Date: December 22, 2014\n Bugs: #299942, #404377, #514946, #531992\n ID: 201412-33\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PowerDNS Recursor, the\nworst of which may allow execution of arbitrary code. \n\nBackground\n==========\n\nPowerDNS Recursor is a high-end, high-performance resolving name server\n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-dns/pdns-recursor \u003c 3.6.1-r1 \u003e= 3.6.1-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in PowerDNS Recursor. \nPlease review the CVE identifiers and PowerDNS blog post referenced\nbelow for details. \n\nImpact\n======\n\nA remote attacker may be able to send specially crafted packets,\npossibly resulting in arbitrary code execution or a Denial of Service\ncondition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PowerDNS Recursor users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dns/pdns-recursor-3.6.1-r1\"=\n\n\nReferences\n==========\n\n[ 1 ] CVE-2009-4009\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4009\n[ 2 ] CVE-2009-4010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4010\n[ 3 ] CVE-2012-1193\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1193\n[ 4 ] CVE-2014-8601\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8601\n[ 5 ] Related to recent DoS attacks: Recursor configuration file\n guidance\n\nhttp://blog.powerdns.com/2014/02/06/related-to-recent-dos-attacks-recurso=\nr-configuration-file-guidance/\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-33.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1968-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJanuary 08, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : pdns-recursor\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2009-4009 CVE-2009-4010\n\nIt was discovered that pdns-recursor, the PowerDNS recursive name\nserver, contains several vulnerabilities:\n\nA buffer overflow can be exploited to crash the daemon, or potentially\nexecute arbitrary code (CVE-2009-4009). \n\nFor the old stable distribution (etch), fixed packages will be\nprovided soon. \n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.1.7-1+lenny1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.1.7.2-1. \n\nWe recommend that you upgrade your pdns-recursor package. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7.orig.tar.gz\n Size/MD5 checksum: 211760 38c58fef666685d6756da97baf9b4d51\n http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1.dsc\n Size/MD5 checksum: 1654 fff9beb43eec355ca42d93d53c1ce299\n http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1.diff.gz\n Size/MD5 checksum: 14769 8794fecd11f1b014592e2a36d40aaaf6\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_alpha.deb\n Size/MD5 checksum: 545726 dc05fab76c0fcb051b9a428cfa126061\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_amd64.deb\n Size/MD5 checksum: 440822 365fc4da2fd1770f8e62f1a3a0046231\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_i386.deb\n Size/MD5 checksum: 440686 ac26d27658892619ce539921796bce67\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_ia64.deb\n Size/MD5 checksum: 631308 f80c2d28ee6d9ebdbf6cad177c8fbddd\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_powerpc.deb\n Size/MD5 checksum: 463434 f0bba833d4231bb2237433373e888a12\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_s390.deb\n Size/MD5 checksum: 428138 994a5190fa0f73b49252bee0a695fb4d\n\n\n These files will probably be moved into the stable distribution on\n its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niQEcBAEBAgAGBQJLR6jtAAoJEL97/wQC1SS+RxkH/0esg7lQO3qDCRJw32DPNjI0\nzlHI6Z6jvWyhYnitqfrzuXdgU18Nq5txdLvJlllQOtxVOnwXAaVOSHCELc0c4i2D\nDC0JLWGm43n6RBxEteJsx83xN5yucVg4c7KvSjDM2lHkcOnXL+Z6Qz93pFgoL9wF\nx6uBdBBV3+YqrvHvl8hV0fHQPyMYvE6x2sJ5eBm6bluXCPgNYviFtiCTx1HUUTBn\ncsGvkDSX81vFe07AKWr41ZiC0p5vesyJC4V6ljB2l9UWPLGT1pKZSuByfdNYMgvV\nguGTqguJzcjaoQ8Cn619Rmqn513N8itRyIqb8gI9E+YmcizBIdLHDi4JSsD/ikA=\n=XCaJ\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-4010"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005035"
},
{
"db": "CNVD",
"id": "CNVD-2010-5502"
},
{
"db": "BID",
"id": "37653"
},
{
"db": "PACKETSTORM",
"id": "85750"
},
{
"db": "PACKETSTORM",
"id": "85262"
},
{
"db": "PACKETSTORM",
"id": "85277"
},
{
"db": "PACKETSTORM",
"id": "129691"
},
{
"db": "PACKETSTORM",
"id": "84957"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-4010",
"trust": 3.6
},
{
"db": "BID",
"id": "37653",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "38068",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "38004",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023404",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2010-0054",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005035",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2010-5502",
"trust": 0.6
},
{
"db": "XF",
"id": "55439",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "14304",
"trust": 0.6
},
{
"db": "FEDORA",
"id": "FEDORA-2010-0209",
"trust": 0.6
},
{
"db": "FEDORA",
"id": "FEDORA-2010-0228",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20100106 CRITICAL POWERDNS RECURSOR SECURITY VULNERABILITIES: PLEASE UPGRADE ASAP TO 3.1.7.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201001-052",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "85750",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "85262",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "85277",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129691",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "84957",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-5502"
},
{
"db": "BID",
"id": "37653"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005035"
},
{
"db": "PACKETSTORM",
"id": "85750"
},
{
"db": "PACKETSTORM",
"id": "85262"
},
{
"db": "PACKETSTORM",
"id": "85277"
},
{
"db": "PACKETSTORM",
"id": "129691"
},
{
"db": "PACKETSTORM",
"id": "84957"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-052"
},
{
"db": "NVD",
"id": "CVE-2009-4010"
}
]
},
"id": "VAR-201001-0677",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-5502"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-5502"
}
]
},
"last_update_date": "2024-11-23T21:02:58.576000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PowerDNS Security Advisory 2010-02",
"trust": 0.8,
"url": "http://doc.powerdns.com/powerdns-advisory-2010-02.html"
},
{
"title": "PowerDNS Recursor Remote Cache Patch for Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/37391"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-5502"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005035"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-4010"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/37653"
},
{
"trust": 2.0,
"url": "http://doc.powerdns.com/powerdns-advisory-2010-02.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2010-january/msg00228.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2010-january/msg00217.html"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2010/0054"
},
{
"trust": 1.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=552285"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1023404"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/38068"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/38004"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55439"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/508743/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4010"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4010"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/55439"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/508743/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/14304"
},
{
"trust": 0.3,
"url": "http://www.powerdns.com/"
},
{
"trust": 0.3,
"url": "/archive/1/508743"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4010"
},
{
"trust": 0.2,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.2,
"url": "http://security.debian.org/"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/38004/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4009"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.4+v3.1.7-0+etch1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.4+v3.1.7-0+etch1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.4+v3.1.7-0+etch1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.4+v3.1.7-0+etch1_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.4+v3.1.7-0+etch1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.4+v3.1.7.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.4+v3.1.7-0+etch1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.4+v3.1.7-0+etch1.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.4+v3.1.7-0+etch1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/38068/"
},
{
"trust": 0.1,
"url": "http://doc.powerdns.com/powerdns-advisory-2010-01.html"
},
{
"trust": 0.1,
"url": "http://www.powerdns.com/en/downloads.aspx"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4009"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1193"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201412-33.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1193"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8601"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://blog.powerdns.com/2014/02/06/related-to-recent-dos-attacks-recurso="
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8601"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1.dsc"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1.diff.gz"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_i386.deb"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-5502"
},
{
"db": "BID",
"id": "37653"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005035"
},
{
"db": "PACKETSTORM",
"id": "85750"
},
{
"db": "PACKETSTORM",
"id": "85262"
},
{
"db": "PACKETSTORM",
"id": "85277"
},
{
"db": "PACKETSTORM",
"id": "129691"
},
{
"db": "PACKETSTORM",
"id": "84957"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-052"
},
{
"db": "NVD",
"id": "CVE-2009-4010"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-5502"
},
{
"db": "BID",
"id": "37653"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005035"
},
{
"db": "PACKETSTORM",
"id": "85750"
},
{
"db": "PACKETSTORM",
"id": "85262"
},
{
"db": "PACKETSTORM",
"id": "85277"
},
{
"db": "PACKETSTORM",
"id": "129691"
},
{
"db": "PACKETSTORM",
"id": "84957"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-052"
},
{
"db": "NVD",
"id": "CVE-2009-4010"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-01-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-5502"
},
{
"date": "2010-01-06T00:00:00",
"db": "BID",
"id": "37653"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005035"
},
{
"date": "2010-01-29T23:33:09",
"db": "PACKETSTORM",
"id": "85750"
},
{
"date": "2010-01-17T12:52:23",
"db": "PACKETSTORM",
"id": "85262"
},
{
"date": "2010-01-17T15:18:58",
"db": "PACKETSTORM",
"id": "85277"
},
{
"date": "2014-12-23T15:40:47",
"db": "PACKETSTORM",
"id": "129691"
},
{
"date": "2010-01-09T01:45:26",
"db": "PACKETSTORM",
"id": "84957"
},
{
"date": "2010-01-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201001-052"
},
{
"date": "2010-01-08T17:30:02.287000",
"db": "NVD",
"id": "CVE-2009-4010"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-01-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-5502"
},
{
"date": "2015-04-13T21:54:00",
"db": "BID",
"id": "37653"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005035"
},
{
"date": "2010-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201001-052"
},
{
"date": "2024-11-21T01:08:43.723000",
"db": "NVD",
"id": "CVE-2009-4010"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201001-052"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PowerDNS Recursor Remote Cache Poisoning Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-5502"
},
{
"db": "BID",
"id": "37653"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-052"
}
],
"trust": 1.5
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201001-052"
}
],
"trust": 0.6
}
}
var-201001-0029
Vulnerability from variot
Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows remote attackers to spoof DNS data via crafted zones. PowerDNS Recursor is a high performance recursive name server. A remote attacker can trick PowerDNS Recursor into accepting malicious data. The server may incorrectly add records to its cache during parsing of recursive client queries. This is a case of cache poisoning. DNS cache poisoning refers to changing an item in the DNS cache of the DNS server so that the IP address associated with the host name in the cache no longer points to the correct location. For example, if www.example.com maps to the IP address 192.168.0.1 and the mapping exists in the DNS server's cache, an attacker who successfully poisons the server's DNS cache can map www.example.com to 10.0. 0.1. In this case, a user attempting to access www.example.com may contact the wrong web server. PowerDNS is prone to a remote cache-poisoning vulnerability. An attacker can exploit this issue to divert data from a legitimate site to an attacker-specified site. Successful exploits will allow the attacker to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks. PowerDNS 3.1.7.1 and earlier are vulnerable. ----------------------------------------------------------------------
Accurate Vulnerability Scanning No more false positives, no more false negatives
http://secunia.com/vulnerability_scanning/
TITLE: Debian update for pdns-recursor
SECUNIA ADVISORY ID: SA38158
VERIFY ADVISORY: http://secunia.com/advisories/38158/
DESCRIPTION: Debian has issued an update for pdns-recursor. This fixes some vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks and potentially compromise a vulnerable system.
For more information: SA38004
SOLUTION: Reportedly, updated packages will be available soon.
ORIGINAL ADVISORY: DSA-1968-1: http://lists.debian.org/debian-security-announce/2010/msg00003.html
OTHER REFERENCES: SA38004: http://secunia.com/advisories/38004/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201001-0029",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "recursor",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "3.1.7.1"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "2.9.15"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "3.1.6"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "3.1.4"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "3.1.5"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "3.1.7"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "2.0_rc1"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "2.8"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.6,
"vendor": "powerdns",
"version": "2.9.17"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "3.1"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "3.0"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "3.1.1"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "2.9.18"
},
{
"model": "recursor",
"scope": "lte",
"trust": 1.0,
"vendor": "powerdns",
"version": "3.1.7.2"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "2.9.16"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "3.1.3"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "3.1.2"
},
{
"model": "recursor",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "3.0.1"
},
{
"model": "recursor",
"scope": "lt",
"trust": 0.8,
"vendor": "powerdns",
"version": "3.1.7.2"
},
{
"model": "recursor",
"scope": "eq",
"trust": 0.6,
"vendor": "powerdns",
"version": "3.1.7.2"
},
{
"model": "hat fedora",
"scope": "eq",
"trust": 0.6,
"vendor": "red",
"version": "16"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.2"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.0"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.1.7.1"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.1.7"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.1.6"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.1.5"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.1.4"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.1.3"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.1.2"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.1.1"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.0.1"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.0"
},
{
"model": "powerdns",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.1"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "powerdns",
"scope": "ne",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.1.7.2"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-4010"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-052"
},
{
"db": "CNVD",
"id": "CNVD-2010-5502"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005035"
},
{
"db": "BID",
"id": "37653"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:powerdns:recursor:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:powerdns:recursor:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:powerdns:recursor:3.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:powerdns:recursor:2.0_rc1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:powerdns:recursor:2.9.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:powerdns:recursor:2.9.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:powerdns:recursor:2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:powerdns:recursor:2.9.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:powerdns:recursor:3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:powerdns:recursor:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:powerdns:recursor:3.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:powerdns:recursor:3.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:powerdns:recursor:3.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:powerdns:recursor:3.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:powerdns:recursor:2.9.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:powerdns:recursor:3.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:powerdns:recursor:3.1.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1.7.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-4010"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "bert hubert bert.hubert@netherlabs.nl",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201001-052"
}
],
"trust": 0.6
},
"cve": "CVE-2009-4010",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/severity#"
},
"@id": "https://www.variotdbs.pl/ref/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2009-4010",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.8,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2010-5502",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-4010",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201001-052",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2010-5502",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-4010"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-052"
},
{
"db": "CNVD",
"id": "CNVD-2010-5502"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005035"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows remote attackers to spoof DNS data via crafted zones. PowerDNS Recursor is a high performance recursive name server. A remote attacker can trick PowerDNS Recursor into accepting malicious data. The server may incorrectly add records to its cache during parsing of recursive client queries. This is a case of cache poisoning. DNS cache poisoning refers to changing an item in the DNS cache of the DNS server so that the IP address associated with the host name in the cache no longer points to the correct location. For example, if www.example.com maps to the IP address 192.168.0.1 and the mapping exists in the DNS server\u0027s cache, an attacker who successfully poisons the server\u0027s DNS cache can map www.example.com to 10.0. 0.1. In this case, a user attempting to access www.example.com may contact the wrong web server. PowerDNS is prone to a remote cache-poisoning vulnerability. \nAn attacker can exploit this issue to divert data from a legitimate site to an attacker-specified site. \nSuccessful exploits will allow the attacker to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks. \nPowerDNS 3.1.7.1 and earlier are vulnerable. ----------------------------------------------------------------------\n\n\n\nAccurate Vulnerability Scanning\nNo more false positives, no more false negatives\n\nhttp://secunia.com/vulnerability_scanning/\n\n\n\n----------------------------------------------------------------------\n\nTITLE:\nDebian update for pdns-recursor\n\nSECUNIA ADVISORY ID:\nSA38158\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/38158/\n\nDESCRIPTION:\nDebian has issued an update for pdns-recursor. This fixes some\nvulnerabilities, which can be exploited by malicious people to\nconduct spoofing attacks and potentially compromise a vulnerable\nsystem. \n\nFor more information:\nSA38004\n\nSOLUTION:\nReportedly, updated packages will be available soon. \n\nORIGINAL ADVISORY:\nDSA-1968-1:\nhttp://lists.debian.org/debian-security-announce/2010/msg00003.html\n\nOTHER REFERENCES:\nSA38004:\nhttp://secunia.com/advisories/38004/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-4010"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005035"
},
{
"db": "CNVD",
"id": "CNVD-2010-5502"
},
{
"db": "BID",
"id": "37653"
},
{
"db": "PACKETSTORM",
"id": "85167"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-4010",
"trust": 3.3
},
{
"db": "BID",
"id": "37653",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "38004",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "38068",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2010-0054",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005035",
"trust": 0.8
},
{
"db": "FEDORA",
"id": "FEDORA-2010-0209",
"trust": 0.6
},
{
"db": "FEDORA",
"id": "FEDORA-2010-0228",
"trust": 0.6
},
{
"db": "XF",
"id": "55439",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "14304",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20100106 CRITICAL POWERDNS RECURSOR SECURITY VULNERABILITIES: PLEASE UPGRADE ASAP TO 3.1.7.2",
"trust": 0.6
},
{
"db": "SECTRACK",
"id": "1023404",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201001-052",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2010-5502",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "38158",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "85167",
"trust": 0.1
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-4010"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-052"
},
{
"db": "CNVD",
"id": "CNVD-2010-5502"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005035"
},
{
"db": "BID",
"id": "37653"
},
{
"db": "PACKETSTORM",
"id": "85167"
}
]
},
"id": "VAR-201001-0029",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-5502"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-5502"
}
]
},
"last_update_date": "2021-12-18T17:56:06.278000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PowerDNS Security Advisory 2010-02",
"trust": 0.8,
"url": "http://doc.powerdns.com/powerdns-advisory-2010-02.html"
},
{
"title": "PowerDNS Recursor Remote Cache Patch for Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/37391"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-5502"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005035"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-4010"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/37653"
},
{
"trust": 1.9,
"url": "http://doc.powerdns.com/powerdns-advisory-2010-02.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/38068"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2010/0054"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1023404"
},
{
"trust": 1.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=552285"
},
{
"trust": 1.6,
"url": "https://www.redhat.com/archives/fedora-package-announce/2010-january/msg00217.html"
},
{
"trust": 1.6,
"url": "https://www.redhat.com/archives/fedora-package-announce/2010-january/msg00228.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/38004"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55439"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/508743/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4010"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4010"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/55439"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/508743/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/14304"
},
{
"trust": 0.3,
"url": "http://www.powerdns.com/"
},
{
"trust": 0.3,
"url": "/archive/1/508743"
},
{
"trust": 0.1,
"url": "http://lists.debian.org/debian-security-announce/2010/msg00003.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/38004/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/38158/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-4010"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-052"
},
{
"db": "CNVD",
"id": "CNVD-2010-5502"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005035"
},
{
"db": "BID",
"id": "37653"
},
{
"db": "PACKETSTORM",
"id": "85167"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-4010"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-052"
},
{
"db": "CNVD",
"id": "CNVD-2010-5502"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005035"
},
{
"db": "BID",
"id": "37653"
},
{
"db": "PACKETSTORM",
"id": "85167"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-01-08T17:30:00",
"db": "NVD",
"id": "CVE-2009-4010"
},
{
"date": "2010-01-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201001-052"
},
{
"date": "2010-01-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-5502"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005035"
},
{
"date": "2010-01-06T00:00:00",
"db": "BID",
"id": "37653"
},
{
"date": "2010-01-15T12:24:56",
"db": "PACKETSTORM",
"id": "85167"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T19:48:00",
"db": "NVD",
"id": "CVE-2009-4010"
},
{
"date": "2010-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201001-052"
},
{
"date": "2010-01-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-5502"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005035"
},
{
"date": "2015-04-13T21:54:00",
"db": "BID",
"id": "37653"
},
{
"date": null,
"db": "PACKETSTORM",
"id": "85167"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201001-052"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PowerDNS Recursor Remote cache poisoning vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201001-052"
},
{
"db": "CNVD",
"id": "CNVD-2010-5502"
},
{
"db": "BID",
"id": "37653"
}
],
"trust": 1.5
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201001-052"
}
],
"trust": 0.6
}
}