Input validation error in PowerDNS Authoritative - CVE-2008-3337
Published: June 21, 2025
Vulnerability identifier: #VU111734
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2008-3337
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: PowerDNS.COM B.V.
Affected software:
PowerDNS Authoritative
PowerDNS Authoritative
Detailed vulnerability description
The vulnerability allows a remote attacker to perform DNS cache poisoning.
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers
How to mitigate CVE-2008-3337
Install updates from vendor's website.
Sources
- http://doc.powerdns.com/changelog.html
- http://doc.powerdns.com/powerdns-advisory-2008-02.html
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
- http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html
- http://secunia.com/advisories/31401
- http://secunia.com/advisories/31407
- http://secunia.com/advisories/31448
- http://secunia.com/advisories/31687
- http://secunia.com/advisories/33264
- http://security.gentoo.org/glsa/glsa-200812-19.xml
- http://www.securityfocus.com/bid/30587
- http://www.vupen.com/english/advisories/2008/2320
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44253
- https://www.debian.org/security/2008/dsa-1628
- https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html
- https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html