PowerDNS < 2.9.18 Multiple Vulnerabilities
Medium Nessus Plugin ID 87945
Synopsis
The remote name server is affected by multiple vulnerabilities.
Description
According to its self-reported version number, the version of the PowerDNS service listening on the remote host is prior to 2.9.18. It is, therefore, affected by multiple vulnerabilities:
- A flaw exists due to improper escaping of LDAP queries. A remote attacker can exploit this to cause a denial of service condition or to conduct LDAP injection attacks.
- A denial of service vulnerability exists when recursion is allowed only for a restricted range of IP addresses, due to improper handling of questions from clients that are denied recursion. An attacker can exploit this to prevent answers to those clients that are allowed to use recursion. (CVE-2005-2302)
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to PowerDNS version 2.9.18 or later.