Vulnerabilities > CVE-2015-5470 - Resource Management Errors vulnerability in Powerdns Authoritative and Recursor
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_64E6006EF00911E498C6000C292EE6B8.NASL description The PowerDNS project reports : A bug was discovered in our label decompression code, making it possible for names to refer to themselves, thus causing a loop during decompression. On some platforms, this bug can be abused to cause crashes. On all platforms, this bug can be abused to cause service-affecting CPU spikes. last seen 2020-06-01 modified 2020-06-02 plugin id 83229 published 2015-05-04 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83229 title FreeBSD : powerdns -- Label decompression bug can cause crashes or CPU spikes (64e6006e-f009-11e4-98c6-000c292ee6b8) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3306.NASL description Toshifumi Sakaguchi discovered that the patch applied to pdns, an authoritative DNS server, fixing CVE-2015-1868, was insufficient in some cases, allowing remote attackers to cause a denial of service (service-affecting CPU spikes and in some cases a crash). last seen 2020-06-01 modified 2020-06-02 plugin id 84649 published 2015-07-13 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84649 title Debian DSA-3306-1 : pdns - security update NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3307.NASL description Toshifumi Sakaguchi discovered that the patch applied to pdns-recursor, a recursive DNS server, fixing CVE-2015-1868, was insufficient in some cases, allowing remote attackers to cause a denial of service (service-affecting CPU spikes and in some cases a crash). last seen 2020-06-01 modified 2020-06-02 plugin id 84650 published 2015-07-13 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84650 title Debian DSA-3307-1 : pdns-recursor - security update NASL family DNS NASL id POWERDNS_RECURSOR_3_7_3.NASL description According to its self-reported version number, the version of the PowerDNS Recursor listening on the remote host is version 3.x prior to 3.7.3. It is, therefore, affected by a denial of service vulnerability due to improper validation of user-supplied input when handling self-referential names during label decompression. An unauthenticated, remote attacker can exploit this vulnerability, via crafted query packets, to crash the server. Note that Nessus has not attempted to exploit this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 87952 published 2016-01-15 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/87952 title PowerDNS Recursor 3.x < 3.7.3 Label Decompression DoS NASL family DNS NASL id POWERDNS_AUTHORITATIVE_3_4_5.NASL description According to its self-reported version number, the version of the PowerDNS Authoritative Server listening on the remote host is version 3.x prior to 3.4.5. It is, therefore, affected by a denial of service vulnerability due to improper validation of user-supplied input when handling self-referential names during label decompression. An unauthenticated, remote attacker can exploit this, via specially crafted query packets, to crash the server. Note that Nessus has not attempted to exploit this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 87946 published 2016-01-15 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/87946 title PowerDNS Authoritative Server 3.x < 3.4.5 Label Decompression Self-Referential Name Handling DoS NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-505.NASL description pdns, pdns-recursor were updated to fix two security issues. These security issues were fixed : - CVE-2015-1868: The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allowed remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself (bsc#927569). - CVE-2015-5470: Complete fix for CVE-2015-1868 (bsc#927569). last seen 2020-06-05 modified 2015-07-27 plugin id 84996 published 2015-07-27 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84996 title openSUSE Security Update : pdns / pdns-recursor (openSUSE-2015-505)