FreeBSD : powerdns -- Label decompression bug can cause crashes or CPU spikes (64e6006e-f009-11e4-98c6-000c292ee6b8)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The PowerDNS project reports :

A bug was discovered in our label decompression code, making it
possible for names to refer to themselves, thus causing a loop during
decompression. On some platforms, this bug can be abused to cause
crashes. On all platforms, this bug can be abused to cause
service-affecting CPU spikes.

See also :

https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
http://www.openwall.com/lists/oss-security/2015/07/10/8
http://www.nessus.org/u?1c03ac49

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 83229 ()

Bugtraq ID:

CVE ID: CVE-2015-1868
CVE-2015-5470

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now