SB2019081540 - OpenSUSE Linux update for pdns

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019081540

SB2019081540 - OpenSUSE Linux update for pdns

Published: August 15, 2019

Security Bulletin ID SB2019081540
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 33% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Improper Authorization (CVE-ID: CVE-2019-10162)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.


2) Resource exhaustion (CVE-ID: CVE-2019-10163)

The vulnerability allows a remote authenticated user to perform service disruption.

A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.


3) Resource exhaustion (CVE-ID: CVE-2019-10203)

The vulnerability allows a remote authenticated user to perform service disruption.

PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.


Remediation

Install update from vendor's website.

References