PowerDNS Recursor 3.x < 18.104.22.168 Multiple Vulnerabilities
Critical Nessus Plugin ID 87950
SynopsisThe remote name server is affected by multiple vulnerabilities.
DescriptionAccording to its self-reported version number, the version of the PowerDNS Recursor listening on the remote host is version 3.x prior to 22.214.171.124. It is, therefore, affected by multiple vulnerabilities :
- A buffer overflow condition exists that allows a remote attacker, via crafted packets, to cause a daemon crash, resulting in a denial of service condition.
- An unspecified flaw exists that allows a remote attacker to spoof DNS data via crafted zones. (CVE-2009-4010)
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to PowerDNS Recursor 126.96.36.199 or later.