Vulnerabilities > CVE-2008-5277 - Configuration vulnerability in Powerdns
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200812-19.NASL description The remote host is affected by the vulnerability described in GLSA-200812-19 (PowerDNS: Multiple vulnerabilities) Daniel Drown reported an error when receiving a HINFO CH query (CVE-2008-5277). Brian J. Dowling of Simplicity Communications discovered a previously unknown security implication of the PowerDNS behavior to not respond to certain queries it considers malformed (CVE-2008-3337). Impact : A remote attacker could send specially crafted queries to cause a Denial of Service. The second vulnerability in itself does not pose a security risk to PowerDNS Nameserver. However, not answering a query for an invalid DNS record within a valid domain allows for a larger spoofing window on third-party nameservers for domains being hosted by PowerDNS Nameserver itself. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 35244 published 2008-12-21 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35244 title GLSA-200812-19 : PowerDNS: Multiple vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200812-19. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(35244); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:45"); script_cve_id("CVE-2008-3337", "CVE-2008-5277"); script_bugtraq_id(30587); script_xref(name:"GLSA", value:"200812-19"); script_name(english:"GLSA-200812-19 : PowerDNS: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200812-19 (PowerDNS: Multiple vulnerabilities) Daniel Drown reported an error when receiving a HINFO CH query (CVE-2008-5277). Brian J. Dowling of Simplicity Communications discovered a previously unknown security implication of the PowerDNS behavior to not respond to certain queries it considers malformed (CVE-2008-3337). Impact : A remote attacker could send specially crafted queries to cause a Denial of Service. The second vulnerability in itself does not pose a security risk to PowerDNS Nameserver. However, not answering a query for an invalid DNS record within a valid domain allows for a larger spoofing window on third-party nameservers for domains being hosted by PowerDNS Nameserver itself. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200812-19" ); script_set_attribute( attribute:"solution", value: "All PowerDNS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-dns/pdns-2.9.21.2'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(16, 20); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:pdns"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/12/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/12/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-dns/pdns", unaffected:make_list("ge 2.9.21.2"), vulnerable:make_list("lt 2.9.21.2"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PowerDNS"); }NASL family DNS NASL id POWERDNS_CH_HINFO.NASL description According to its self-reported version number, the version of the PowerDNS service listening on the remote host is prior to 2.9.21.2. It is, therefore, affected by a denial of service vulnerability when processing specially crafted CH HINFO queries. A remote attacker can exploit this to crash the server. Note that Nessus has not attempted to exploit this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 35375 published 2009-01-15 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35375 title PowerDNS Authoritative Server < 2.9.21.2 CH HINFO Query Handling DoS NASL family SuSE Local Security Checks NASL id SUSE_PDNS-5836.NASL description Remote attackers could crash pdnsd if the daemon was configured with distributor-threads=1. With the default configuration pdns is not affected by this problem (CVE-2008-5277). last seen 2020-06-01 modified 2020-06-02 plugin id 35028 published 2008-12-03 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35028 title openSUSE 10 Security Update : pdns (pdns-5836) NASL family SuSE Local Security Checks NASL id SUSE_11_0_PDNS-081202.NASL description Remote attackers could crash pdnsd if the daemon was configured with distributor-threads=1. With the default configuration pdns is not affected by this problem (CVE-2008-5277). last seen 2020-06-01 modified 2020-06-02 plugin id 40103 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40103 title openSUSE Security Update : pdns (pdns-355)
References
- http://doc.powerdns.com/powerdns-advisory-2008-03.html
- http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
- http://secunia.com/advisories/32979
- http://secunia.com/advisories/33264
- http://security.gentoo.org/glsa/glsa-200812-19.xml
- http://securitytracker.com/id?1021304
- http://www.securityfocus.com/bid/32627
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47076