Vulnerabilities > CVE-2005-0428 - Unspecified vulnerability in Powerdns 2.0Rc1/2.8/2.9.15

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
powerdns
nessus

Summary

The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes.

Vulnerable Configurations

Part Description Count
Application
Powerdns
3

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200502-15.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200502-15 (PowerDNS: Denial of Service vulnerability) A vulnerability has been reported in the DNSPacket::expand method of dnspacket.cc. Impact : An attacker could cause a temporary Denial of Service by sending a random stream of bytes to the PowerDNS Daemon. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id16452
    published2005-02-14
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/16452
    titleGLSA-200502-15 : PowerDNS: Denial of Service vulnerability
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_5A5422FD7E1A11D9A9E70001020EED82.NASL
    descriptionPowerDNS is vulnerable to a temporary denial-of-service vulnerability that can be triggered using a random stream of bytes.
    last seen2020-06-01
    modified2020-06-02
    plugin id18945
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18945
    titleFreeBSD : powerdns -- DoS vulnerability (5a5422fd-7e1a-11d9-a9e7-0001020eed82)
  • NASL familyDNS
    NASL idPOWERDNS_2_9_17.NASL
    descriptionAccording to its self-reported version number, the version of the PowerDNS service listening on the remote host is prior to 2.9.17. It is, therefore, affected by multiple denial of service vulnerabilities : - A denial of service vulnerability exists due to a flaw that is triggered when the server receives a compressed DNS packet with a label length byte with an incorrect offset. A remote attacker can exploit this to trigger an infinite loop, resulting in a denial of service condition. (CVE-2005-0038) - An unspecified flaw exists in the DNSPacket::expand() method in dnspacket.cc. A emote attacker can exploit flaw, by sending a random stream of bytes, to cause a denial of service condition. (CVE-2005-0428) Note that Nessus has not attempted to exploit these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id87944
    published2016-01-15
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/87944
    titlePowerDNS < 2.9.17 Multiple DoS