SB2019062417 - Improper Authorization in pdns (Alpine package)
Published: June 24, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper Authorization (CVE-ID: CVE-2019-10162)
CWE-ID: CWE-285 - Improper Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=d07daf002340b69050f8b8f14bc5e0acb32f5a1a
- https://git.alpinelinux.org/aports/commit/?id=d581004a130816a57ab1b24bc72f87f8640bf053
- https://git.alpinelinux.org/aports/commit/?id=e94f8bfe370e4ccfdef25da5172beb314a0333f2
- https://git.alpinelinux.org/aports/commit/?id=634dbf6dd0672c74aac2102c289cbecfb29472b4
- https://git.alpinelinux.org/aports/commit/?id=b8d81030dc9fbd092647bd1c73901b0c7cbcfb41