Vulnerabilities > CVE-2016-5426 - Resource Management Errors vulnerability in Powerdns Authoritative

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
powerdns
CWE-399
nessus

Summary

PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname.

Vulnerable Configurations

Part Description Count
Application
Powerdns
60

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-627.NASL
    descriptionMultiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2016-5426 / CVE-2016-5427 Florian Heinz and Martin Kluge reported that the PowerDNS Authoritative Server accepts queries with a qname
    last seen2020-03-17
    modified2016-09-19
    plugin id93567
    published2016-09-19
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/93567
    titleDebian DLA-627-1 : pdns security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1103.NASL
    descriptionThis update for pdns fixes the following issues : - CVE-2016-5426, CVE-2016-5427: Fix case where crafted queries can cause unexpected backend load. (boo#998159)
    last seen2020-06-05
    modified2016-09-26
    plugin id93699
    published2016-09-26
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/93699
    titleopenSUSE Security Update : pdns (openSUSE-2016-1103)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3664.NASL
    descriptionMultiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2016-5426 / CVE-2016-5427 Florian Heinz and Martin Kluge reported that the PowerDNS Authoritative Server accepts queries with a qname
    last seen2020-06-01
    modified2020-06-02
    plugin id93419
    published2016-09-12
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93419
    titleDebian DSA-3664-1 : pdns - security update
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-EFFFCC7AEC.NASL
    description - Update to 3.4.10 - CVE-2016-5426, CVE-2016-5427 Security advisory: https://docs.powerdns.com/md/security/powerdns-advisory-2016-01/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-10-06
    plugin id93890
    published2016-10-06
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93890
    titleFedora 23 : pdns (2016-efffcc7aec)