FreeBSD : powerdns -- Label decompression bug can cause crashes or CPU spikes (64e6006e-f009-11e4-98c6-000c292ee6b8)

high Nessus Plugin ID 83229

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The PowerDNS project reports:

A bug was discovered in our label decompression code, making it possible for names to refer to themselves, thus causing a loop during decompression. On some platforms, this bug can be abused to cause crashes. On all platforms, this bug can be abused to cause service-affecting CPU spikes.

Solution

Update the affected packages.

See Also

https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/

https://www.openwall.com/lists/oss-security/2015/07/10/8

http://www.nessus.org/u?49ff882b

Plugin Details

Severity: High

ID: 83229

File Name: freebsd_pkg_64e6006ef00911e498c6000c292ee6b8.nasl

Version: 2.7

Type: local

Published: 5/4/2015

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:powerdns, p-cpe:/a:freebsd:freebsd:powerdns-recursor, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 5/1/2015

Vulnerability Publication Date: 4/23/2015

Reference Information

CVE: CVE-2015-1868, CVE-2015-5470