SB2018101031 - Multiple vulnerabilities in PowerDNS Recursor
Published: October 10, 2018 Updated: June 21, 2025
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2009-4009)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer overflow in PowerDNS Recursor before 3.1.7.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted packets.
2) Input validation error (CVE-ID: CVE-2009-4010)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows remote attackers to spoof DNS data via crafted zones.
Remediation
Install the update from the vendor's website.
References
- http://doc.powerdns.com/powerdns-advisory-2010-01.html
- http://secunia.com/advisories/38004
- http://secunia.com/advisories/38068
- http://securitytracker.com/id?1023403
- http://www.securityfocus.com/archive/1/508743/100/0/threaded
- http://www.securityfocus.com/bid/37650
- http://www.vupen.com/english/advisories/2010/0054
- https://bugzilla.redhat.com/show_bug.cgi?id=552285
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55438
- https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00217.html
- https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00228.html
- http://doc.powerdns.com/powerdns-advisory-2010-02.html
- http://securitytracker.com/id?1023404
- http://www.securityfocus.com/bid/37653
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55439