SB2016122823 - Resource management error in PowerDNS Recursor
Published: December 28, 2016 Updated: June 21, 2025
Security Bulletin ID
SB2016122823
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2015-1868)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.
Remediation
Install update from vendor's website.
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156648.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156655.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156667.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156680.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156725.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156743.html
- http://www.debian.org/security/2015/dsa-3306
- http://www.debian.org/security/2015/dsa-3307
- http://www.securityfocus.com/bid/74306
- http://www.securitytracker.com/id/1032220