Main Vulnerability Database SB2017040319

SB2017040319 - Integer overflow in pdns (Alpine package)

Published: April 3, 2017

Security Bulletin ID SB2017040319

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Integer overflow (CVE-ID: CVE-2016-2120)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=3a479b103eb9d61f344de80e8293bbc27403ce40