Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:
- An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1
allowing an authorized user to crash the server by inserting a specially crafted record in a zone under
their control then sending a DNS query for that record. The issue is due to an integer overflow when
checking if the content of the record matches the expected size, allowing an attacker to cause a read past
the buffer boundary. (CVE-2016-2120)
- An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4,
allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by
sending crafted DNS queries, which might result in a partial denial of service if the system becomes
overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query
regardless of whether they are needed or even legitimate. A specially crafted query containing a large
number of records can be used to take advantage of that behaviour. (CVE-2016-7068)
- An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote,
unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the
web server. If the web server runs out of file descriptors, it triggers an exception and terminates the
whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server
run out of file descriptors since its connection will be closed just after being accepted, it might still
be possible. (CVE-2016-7072)
- An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing
an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient
validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in
AXFRRetriever, leading to a possible replay attack. (CVE-2016-7073)
- An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing
an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient
validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the
possibility of parsing records that are not covered by the TSIG signature. (CVE-2016-7074)
Plugin Details
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 12/15/2016