Vulnerabilities > CVE-2015-1868 - Resource Management Errors vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2015-7033.NASL description - Update to 3.7.2 - CVE-2015-1868 External References: https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-04 plugin id 83219 published 2015-05-04 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83219 title Fedora 22 : pdns-recursor-3.7.2-1.fc22 (2015-7033) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-7033. # include("compat.inc"); if (description) { script_id(83219); script_version("2.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-1868"); script_xref(name:"FEDORA", value:"2015-7033"); script_name(english:"Fedora 22 : pdns-recursor-3.7.2-1.fc22 (2015-7033)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Update to 3.7.2 - CVE-2015-1868 External References: https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1213377" ); script_set_attribute( attribute:"see_also", value:"https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/" ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/156655.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2c9260ff" ); script_set_attribute( attribute:"solution", value:"Update the affected pdns-recursor package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pdns-recursor"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22"); script_set_attribute(attribute:"patch_publication_date", value:"2015/04/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC22", reference:"pdns-recursor-3.7.2-1.fc22")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pdns-recursor"); }NASL family Fedora Local Security Checks NASL id FEDORA_2015-7079.NASL description - Update to 3.7.2 - CVE-2015-1868 External References: https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-04 plugin id 83222 published 2015-05-04 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83222 title Fedora 20 : pdns-recursor-3.7.2-1.fc20 (2015-7079) NASL family Fedora Local Security Checks NASL id FEDORA_2015-7057.NASL description - CVE-2015-1868 External References: https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-04 plugin id 83221 published 2015-05-04 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83221 title Fedora 20 : pdns-3.3.1-3.fc20 (2015-7057) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_64E6006EF00911E498C6000C292EE6B8.NASL description The PowerDNS project reports : A bug was discovered in our label decompression code, making it possible for names to refer to themselves, thus causing a loop during decompression. On some platforms, this bug can be abused to cause crashes. On all platforms, this bug can be abused to cause service-affecting CPU spikes. last seen 2020-06-01 modified 2020-06-02 plugin id 83229 published 2015-05-04 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83229 title FreeBSD : powerdns -- Label decompression bug can cause crashes or CPU spikes (64e6006e-f009-11e4-98c6-000c292ee6b8) NASL family Fedora Local Security Checks NASL id FEDORA_2015-7031.NASL description - Update to 3.7.2 - CVE-2015-1868 External References: https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-04 plugin id 83218 published 2015-05-04 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83218 title Fedora 21 : pdns-recursor-3.7.2-1.fc21 (2015-7031) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3306.NASL description Toshifumi Sakaguchi discovered that the patch applied to pdns, an authoritative DNS server, fixing CVE-2015-1868, was insufficient in some cases, allowing remote attackers to cause a denial of service (service-affecting CPU spikes and in some cases a crash). last seen 2020-06-01 modified 2020-06-02 plugin id 84649 published 2015-07-13 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84649 title Debian DSA-3306-1 : pdns - security update NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3307.NASL description Toshifumi Sakaguchi discovered that the patch applied to pdns-recursor, a recursive DNS server, fixing CVE-2015-1868, was insufficient in some cases, allowing remote attackers to cause a denial of service (service-affecting CPU spikes and in some cases a crash). last seen 2020-06-01 modified 2020-06-02 plugin id 84650 published 2015-07-13 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84650 title Debian DSA-3307-1 : pdns-recursor - security update NASL family Fedora Local Security Checks NASL id FEDORA_2015-7047.NASL description - Update to 3.4.4 - CVE-2015-1868 Release notes: https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-3 44 External References: https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-04 plugin id 83220 published 2015-05-04 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83220 title Fedora 21 : pdns-3.4.4-1.fc21 (2015-7047) NASL family DNS NASL id POWERDNS_RECURSOR_3_7_3.NASL description According to its self-reported version number, the version of the PowerDNS Recursor listening on the remote host is version 3.x prior to 3.7.3. It is, therefore, affected by a denial of service vulnerability due to improper validation of user-supplied input when handling self-referential names during label decompression. An unauthenticated, remote attacker can exploit this vulnerability, via crafted query packets, to crash the server. Note that Nessus has not attempted to exploit this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 87952 published 2016-01-15 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/87952 title PowerDNS Recursor 3.x < 3.7.3 Label Decompression DoS NASL family DNS NASL id POWERDNS_AUTHORITATIVE_3_4_5.NASL description According to its self-reported version number, the version of the PowerDNS Authoritative Server listening on the remote host is version 3.x prior to 3.4.5. It is, therefore, affected by a denial of service vulnerability due to improper validation of user-supplied input when handling self-referential names during label decompression. An unauthenticated, remote attacker can exploit this, via specially crafted query packets, to crash the server. Note that Nessus has not attempted to exploit this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 87946 published 2016-01-15 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/87946 title PowerDNS Authoritative Server 3.x < 3.4.5 Label Decompression Self-Referential Name Handling DoS NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-505.NASL description pdns, pdns-recursor were updated to fix two security issues. These security issues were fixed : - CVE-2015-1868: The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allowed remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself (bsc#927569). - CVE-2015-5470: Complete fix for CVE-2015-1868 (bsc#927569). last seen 2020-06-05 modified 2015-07-27 plugin id 84996 published 2015-07-27 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84996 title openSUSE Security Update : pdns / pdns-recursor (openSUSE-2015-505) NASL family Fedora Local Security Checks NASL id FEDORA_2015-7018.NASL description - Update to 3.4.4 - CVE-2015-1868 Release notes: https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-3 44 External References: https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-04 plugin id 83217 published 2015-05-04 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83217 title Fedora 22 : pdns-3.4.4-1.fc22 (2015-7018)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156648.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156655.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156667.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156680.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156725.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156743.html
- http://www.debian.org/security/2015/dsa-3306
- http://www.debian.org/security/2015/dsa-3307
- http://www.securityfocus.com/bid/74306
- http://www.securitytracker.com/id/1032220