#VU111734 Input validation error in PowerDNS Authoritative - CVE-2008-3337
Published: June 21, 2025
Vulnerability identifier: #VU111734
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2008-3337
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
PowerDNS Authoritative
Software vendor:
PowerDNS.COM B.V.
Description
The vulnerability allows a remote attacker to perform DNS cache poisoning.
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers.
Remediation
Install updates from the vendor's website.
External links
- http://doc.powerdns.com/changelog.html
- http://doc.powerdns.com/powerdns-advisory-2008-02.html
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
- http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html
- http://secunia.com/advisories/31401
- http://secunia.com/advisories/31407
- http://secunia.com/advisories/31448
- http://secunia.com/advisories/31687
- http://secunia.com/advisories/33264
- http://security.gentoo.org/glsa/glsa-200812-19.xml
- http://www.securityfocus.com/bid/30587
- http://www.vupen.com/english/advisories/2008/2320
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44253
- https://www.debian.org/security/2008/dsa-1628
- https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html
- https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html