FreeBSD : powerdns -- Label decompression bug can cause crashes or CPU spikes (64e6006e-f009-11e4-98c6-000c292ee6b8)

High Nessus Plugin ID 83229


The remote FreeBSD host is missing one or more security-related updates.


The PowerDNS project reports :

A bug was discovered in our label decompression code, making it possible for names to refer to themselves, thus causing a loop during decompression. On some platforms, this bug can be abused to cause crashes. On all platforms, this bug can be abused to cause service-affecting CPU spikes.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 83229

File Name: freebsd_pkg_64e6006ef00911e498c6000c292ee6b8.nasl

Version: $Revision: 2.3 $

Type: local

Published: 2015/05/04

Modified: 2015/07/14

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:powerdns, p-cpe:/a:freebsd:freebsd:powerdns-recursor, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2015/05/01

Vulnerability Publication Date: 2015/04/23

Reference Information

CVE: CVE-2015-1868, CVE-2015-5470