Vulnerabilities > CVE-2006-2069 - Resource Management Errors vulnerability in Powerdns 3.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family DNS NASL id POWERDNS_RECURSOR_3_0_1.NASL description According to its self-reported version number, the version of the PowerDNS Recursor listening on the remote host is version 3.x prior to 3.0.1. It is, therefore, affected by a denial of service vulnerability due to improper processing of Extension Mechanisms for DNS (EDNS0) packets. A remote attacker can exploit this vulnerability, via specially crafted EDNS0 packets, to cause an application crash, resulting in a denial of service condition. Note that Nessus has not attempted to exploit this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 87948 published 2016-01-15 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/87948 title PowerDNS Recursor 3.x < 3.0.1 EDNS0 DoS code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(87948); script_version("1.3"); script_cvs_date("Date: 2018/07/25 18:58:03"); script_cve_id("CVE-2006-2069"); script_bugtraq_id(17711); script_name(english:"PowerDNS Recursor 3.x < 3.0.1 EDNS0 DoS"); script_summary(english:"Checks the PowerDNS Recursor version."); script_set_attribute(attribute:"synopsis", value: "The remote name server is affected by a denial of service vulnerability."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the version of the PowerDNS Recursor listening on the remote host is version 3.x prior to 3.0.1. It is, therefore, affected by a denial of service vulnerability due to improper processing of Extension Mechanisms for DNS (EDNS0) packets. A remote attacker can exploit this vulnerability, via specially crafted EDNS0 packets, to cause an application crash, resulting in a denial of service condition. Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number. Also, Nessus has not checked for the presence of the patch."); script_set_attribute(attribute:"see_also", value:"https://doc.powerdns.com/md/changelog/#recursor-version-301"); script_set_attribute(attribute:"solution", value: "Upgrade to PowerDNS Recursor 3.0.1 or later. Alternatively, apply the patch referenced in the vendor advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date",value:"2006/04/25"); script_set_attribute(attribute:"patch_publication_date",value:"2006/04/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/15"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:powerdns:powerdns"); script_set_attribute(attribute:"cpe", value:"cpe:/a:powerdns:recursor"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc."); script_family(english:"DNS"); script_dependencies("pdns_version.nasl"); script_require_keys("pdns/version", "pdns/version_full", "pdns/version_source", "pdns/type", "Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); app_name = "PowerDNS Recursor"; version_source = get_kb_item_or_exit("pdns/version_source"); version_full = get_kb_item_or_exit("pdns/version_full"); version = get_kb_item_or_exit("pdns/version"); fix = '3.0.1'; port = 53; # Only the Recursor is affected type = get_kb_item_or_exit("pdns/type"); if (type != 'recursor') audit(AUDIT_NOT_LISTEN, app_name, port, "UDP"); if (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_APP_VER, app_name); if (report_paranoia < 2) audit(AUDIT_PARANOID); if (version !~ "^3\." || (ver_compare(ver:version, fix:fix, strict:FALSE) >= 0)) audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version_full, "UDP"); if (report_verbosity > 0) { report = '\n Version source : ' + version_source + '\n Installed version : ' + version_full + '\n Fixed version : ' + fix + '\n'; security_warning(port:port, proto:"udp", extra:report); } else security_warning(port:port, proto:"udp");NASL family SuSE Local Security Checks NASL id SUSE_PDNS-1314.NASL description Remote attackers could crash the pdns server by sending malformed packets (CVE-2006-2069). last seen 2020-06-01 modified 2020-06-02 plugin id 27385 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27385 title openSUSE 10 Security Update : pdns (pdns-1314) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update pdns-1314. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(27385); script_version ("1.12"); script_cvs_date("Date: 2019/10/25 13:36:28"); script_cve_id("CVE-2006-2069"); script_name(english:"openSUSE 10 Security Update : pdns (pdns-1314)"); script_summary(english:"Check for the pdns-1314 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Remote attackers could crash the pdns server by sending malformed packets (CVE-2006-2069)." ); script_set_attribute(attribute:"solution", value:"Update the affected pdns package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pdns"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/05/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"pdns-2.9.19-13.2") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pdns"); }
References
- http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-0-1
- http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
- http://secunia.com/advisories/19831
- http://secunia.com/advisories/20117
- http://www.securityfocus.com/bid/17711
- http://www.vupen.com/english/advisories/2006/1527
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26100