Vulnerabilities > CVE-2018-10851 - Missing Release of Resource after Effective Lifetime vulnerability in Powerdns Authoritative and Recursor

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
powerdns
CWE-772
nessus

Summary

PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.

Vulnerable Configurations

Part Description Count
Application
Powerdns
100

Common Attack Pattern Enumeration and Classification (CAPEC)

  • HTTP DoS
    An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-2FF7CDBB7B.NASL
    description - Update to 4.1.5 Release notes: https://blog.powerdns.com/2018/11/06/powerdns-authoritative-server-4-0 -6-4-1-5-and-recursor-4-0-9-4-1-5-released/ PowerDNS Security Advisory 2018-03 (https://doc.powerdns.com/authoritative/security-advisories/powerdns-a dvisory-2018-03.html) (CVE-2018-10851) PowerDNS Security Advisory 2018-05 (https://doc.powerdns.com/authoritative/security-advisories/powerdns-a dvisory-2018-05.html) (CVE-2018-14626) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120329
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120329
    titleFedora 28 : pdns (2018-2ff7cdbb7b)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-2ff7cdbb7b.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120329);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-10851", "CVE-2018-14626");
      script_xref(name:"FEDORA", value:"2018-2ff7cdbb7b");
    
      script_name(english:"Fedora 28 : pdns (2018-2ff7cdbb7b)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Update to 4.1.5
    
    Release notes:
    https://blog.powerdns.com/2018/11/06/powerdns-authoritative-server-4-0
    -6-4-1-5-and-recursor-4-0-9-4-1-5-released/
    
    PowerDNS Security Advisory 2018-03
    (https://doc.powerdns.com/authoritative/security-advisories/powerdns-a
    dvisory-2018-03.html) (CVE-2018-10851)
    
    PowerDNS Security Advisory 2018-05
    (https://doc.powerdns.com/authoritative/security-advisories/powerdns-a
    dvisory-2018-05.html) (CVE-2018-14626)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-2ff7cdbb7b"
      );
      # https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?56fddf39"
      );
      # https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?156cee5a"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected pdns package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pdns");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC28", reference:"pdns-4.1.5-1.fc28")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pdns");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-C341B70641.NASL
    descriptionFixes CVE-2018-16855 (Crafted query can cause a denial of service) ---- New upstream release with security fixes for CVE-2018-10851, CVE-2018-14626 and CVE-2018-14644 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120764
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120764
    titleFedora 28 : pdns-recursor (2018-c341b70641)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-c341b70641.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120764);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-10851", "CVE-2018-14626", "CVE-2018-14644", "CVE-2018-16855");
      script_xref(name:"FEDORA", value:"2018-c341b70641");
    
      script_name(english:"Fedora 28 : pdns-recursor (2018-c341b70641)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fixes CVE-2018-16855 (Crafted query can cause a denial of service)
    
    ----
    
    New upstream release with security fixes for CVE-2018-10851,
    CVE-2018-14626 and CVE-2018-14644
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-c341b70641"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected pdns-recursor package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pdns-recursor");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC28", reference:"pdns-recursor-4.1.8-1.fc28")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pdns-recursor");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-5A1E2759AA.NASL
    description - Update to 4.1.5 Release notes: https://blog.powerdns.com/2018/11/06/powerdns-authoritative-server-4-0 -6-4-1-5-and-recursor-4-0-9-4-1-5-released/ PowerDNS Security Advisory 2018-03 (https://doc.powerdns.com/authoritative/security-advisories/powerdns-a dvisory-2018-03.html) (CVE-2018-10851) PowerDNS Security Advisory 2018-05 (https://doc.powerdns.com/authoritative/security-advisories/powerdns-a dvisory-2018-05.html) (CVE-2018-14626) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-11-16
    plugin id119007
    published2018-11-16
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119007
    titleFedora 27 : pdns (2018-5a1e2759aa)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-5a1e2759aa.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119007);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-10851", "CVE-2018-14626");
      script_xref(name:"FEDORA", value:"2018-5a1e2759aa");
    
      script_name(english:"Fedora 27 : pdns (2018-5a1e2759aa)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Update to 4.1.5
    
    Release notes:
    https://blog.powerdns.com/2018/11/06/powerdns-authoritative-server-4-0
    -6-4-1-5-and-recursor-4-0-9-4-1-5-released/
    
    PowerDNS Security Advisory 2018-03
    (https://doc.powerdns.com/authoritative/security-advisories/powerdns-a
    dvisory-2018-03.html) (CVE-2018-10851)
    
    PowerDNS Security Advisory 2018-05
    (https://doc.powerdns.com/authoritative/security-advisories/powerdns-a
    dvisory-2018-05.html) (CVE-2018-14626)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-5a1e2759aa"
      );
      # https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?56fddf39"
      );
      # https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?156cee5a"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected pdns package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pdns");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC27", reference:"pdns-4.1.5-1.fc27")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pdns");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_0AEE2F13EC1D11E88C926805CA2FA271.NASL
    descriptionPowerDNS Team reports : CVE-2018-10851: An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause a memory leak by inserting a specially crafted record in a zone under their control, then sending a DNS query for that record. The issue is due to the fact that some memory is allocated before the parsing and is not always properly released if the record is malformed. When the PowerDNS Authoritative Server is run inside the guardian (--guardian), or inside a supervisor like supervisord or systemd, an out-of-memory crash will lead to an automatic restart, limiting the impact to a somewhat degraded service. CVE-2018-14626: An issue has been found in PowerDNS Authoritative Server allowing a remote user to craft a DNS query that will cause an answer without DNSSEC records to be inserted into the packet cache and be returned to clients asking for DNSSEC records, thus hiding the presence of DNSSEC signatures for a specific qname and qtype. For a DNSSEC-signed domain, this means that DNSSEC validating clients will consider the answer to be bogus until it expires from the packet cache, leading to a denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id119056
    published2018-11-21
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119056
    titleFreeBSD : powerdns -- Multiple vulnerabilities (0aee2f13-ec1d-11e8-8c92-6805ca2fa271)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119056);
      script_version("1.2");
      script_cvs_date("Date: 2018/12/24 10:14:27");
    
      script_cve_id("CVE-2018-10851", "CVE-2018-14626");
    
      script_name(english:"FreeBSD : powerdns -- Multiple vulnerabilities (0aee2f13-ec1d-11e8-8c92-6805ca2fa271)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "PowerDNS Team reports :
    
    CVE-2018-10851: An issue has been found in PowerDNS Authoritative
    Server allowing an authorized user to cause a memory leak by inserting
    a specially crafted record in a zone under their control, then sending
    a DNS query for that record. The issue is due to the fact that some
    memory is allocated before the parsing and is not always properly
    released if the record is malformed. When the PowerDNS Authoritative
    Server is run inside the guardian (--guardian), or inside a supervisor
    like supervisord or systemd, an out-of-memory crash will lead to an
    automatic restart, limiting the impact to a somewhat degraded service.
    
    CVE-2018-14626: An issue has been found in PowerDNS Authoritative
    Server allowing a remote user to craft a DNS query that will cause an
    answer without DNSSEC records to be inserted into the packet cache and
    be returned to clients asking for DNSSEC records, thus hiding the
    presence of DNSSEC signatures for a specific qname and qtype. For a
    DNSSEC-signed domain, this means that DNSSEC validating clients will
    consider the answer to be bogus until it expires from the packet
    cache, leading to a denial of service."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://doc.powerdns.com/authoritative/changelog/4.1.html"
      );
      # https://vuxml.freebsd.org/freebsd/0aee2f13-ec1d-11e8-8c92-6805ca2fa271.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?848f599a"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:powerdns");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"powerdns<4.1.5")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1565.NASL
    descriptionThis update for pdns-recursor fixes the following issues : Security issues fixed : - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer (bsc#1114157). - CVE-2018-14644: Fixed denial of service via crafted query for meta-types (bsc#1114170). - CVE-2018-14626: Fixed packet cache pollution via crafted query (bsc#1114169). - CVE-2018-16855: Fixed case where a crafted query could cause a denial of service (bsc#1116592)
    last seen2020-06-05
    modified2018-12-18
    plugin id119738
    published2018-12-18
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119738
    titleopenSUSE Security Update : pdns-recursor (openSUSE-2018-1565)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-1565.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119738);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-10851", "CVE-2018-14626", "CVE-2018-14644", "CVE-2018-16855");
    
      script_name(english:"openSUSE Security Update : pdns-recursor (openSUSE-2018-1565)");
      script_summary(english:"Check for the openSUSE-2018-1565 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for pdns-recursor fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2018-10851: Fixed denial of service via crafted zone
        record or crafted answer (bsc#1114157).
    
      - CVE-2018-14644: Fixed denial of service via crafted
        query for meta-types (bsc#1114170).
    
      - CVE-2018-14626: Fixed packet cache pollution via crafted
        query (bsc#1114169).
    
      - CVE-2018-16855: Fixed case where a crafted query could
        cause a denial of service (bsc#1116592)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114157"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114169"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114170"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1116592"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected pdns-recursor packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pdns-recursor");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pdns-recursor-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pdns-recursor-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"pdns-recursor-4.1.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"pdns-recursor-debuginfo-4.1.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"pdns-recursor-debugsource-4.1.2-lp150.2.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pdns-recursor / pdns-recursor-debuginfo / pdns-recursor-debugsource");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1564.NASL
    descriptionThis update for pdns-recursor fixes the following issues : Security issues fixed : - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer (bsc#1114157). - CVE-2018-14644: Fixed denial of service via crafted query for meta-types (bsc#1114170). - CVE-2018-14626: Fixed packet cache pollution via crafted query (bsc#1114169).
    last seen2020-06-05
    modified2018-12-18
    plugin id119737
    published2018-12-18
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119737
    titleopenSUSE Security Update : pdns-recursor (openSUSE-2018-1564)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-1564.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119737);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-10851", "CVE-2018-14626", "CVE-2018-14644");
    
      script_name(english:"openSUSE Security Update : pdns-recursor (openSUSE-2018-1564)");
      script_summary(english:"Check for the openSUSE-2018-1564 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for pdns-recursor fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2018-10851: Fixed denial of service via crafted zone
        record or crafted answer (bsc#1114157).
    
      - CVE-2018-14644: Fixed denial of service via crafted
        query for meta-types (bsc#1114170).
    
      - CVE-2018-14626: Fixed packet cache pollution via crafted
        query (bsc#1114169)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114157"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114169"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114170"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected pdns-recursor packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pdns-recursor");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pdns-recursor-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pdns-recursor-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"pdns-recursor-4.0.5-9.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"pdns-recursor-debuginfo-4.0.5-9.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"pdns-recursor-debugsource-4.0.5-9.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pdns-recursor / pdns-recursor-debuginfo / pdns-recursor-debugsource");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-989.NASL
    descriptionThis update for pdns fixes the following issues : Security issues fixed : - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer (bsc#1114157). - CVE-2018-14626: Fixed packet cache pollution via crafted query (bsc#1114169).
    last seen2020-06-01
    modified2020-06-02
    plugin id123406
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123406
    titleopenSUSE Security Update : pdns (openSUSE-2019-989)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-E14840A7F5.NASL
    descriptionFixes CVE-2018-16855 (Crafted query can cause a denial of service) ---- New upstream release with security fixes for CVE-2018-10851, CVE-2018-14626 and CVE-2018-14644 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120858
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120858
    titleFedora 29 : pdns-recursor (2018-e14840a7f5)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-988.NASL
    descriptionThis update for pdns-recursor fixes the following issues : Security issues fixed : - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer (bsc#1114157). - CVE-2018-14644: Fixed denial of service via crafted query for meta-types (bsc#1114170). - CVE-2018-14626: Fixed packet cache pollution via crafted query (bsc#1114169). - CVE-2018-16855: Fixed case where a crafted query could cause a denial of service (bsc#1116592)
    last seen2020-06-01
    modified2020-06-02
    plugin id123405
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123405
    titleopenSUSE Security Update : pdns-recursor (openSUSE-2019-988)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_E9AA0E4CEA8B11E8A5B700E04C1EA73D.NASL
    descriptionpowerdns Team reports : CVE-2018-10851: An issue has been found in PowerDNS Recursor allowing a malicious authoritative server to cause a memory leak by sending specially crafted records. The issue is due to the fact that some memory is allocated before the parsing and is not always properly released if the record is malformed. When the PowerDNS Recursor is run inside a supervisor like supervisord or systemd, an out-of-memory crash will lead to an automatic restart, limiting the impact to a somewhat degraded service. CVE-2018-14626: An issue has been found in PowerDNS Recursor allowing a remote user to craft a DNS query that will cause an answer without DNSSEC records to be inserted into the packet cache and be returned to clients asking for DNSSEC records, thus hiding the presence of DNSSEC signatures for a specific qname and qtype. For a DNSSEC-signed domain, this means that clients performing DNSSEC validation by themselves might consider the answer to be bogus until it expires from the packet cache, leading to a denial of service. CVE-2018-14644: An issue has been found in PowerDNS Recursor where a remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail.
    last seen2020-06-01
    modified2020-06-02
    plugin id119021
    published2018-11-19
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119021
    titleFreeBSD : powerdns-recursor -- Multiple vulnerabilities (e9aa0e4c-ea8b-11e8-a5b7-00e04c1ea73d)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1594.NASL
    descriptionThis update for pdns fixes the following issues : Security issues fixed : - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer (bsc#1114157).
    last seen2020-06-05
    modified2018-12-24
    plugin id119862
    published2018-12-24
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119862
    titleopenSUSE Security Update : pdns (openSUSE-2018-1594)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1566.NASL
    descriptionThis update for pdns fixes the following issues : Security issues fixed : - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer (bsc#1114157). - CVE-2018-14626: Fixed packet cache pollution via crafted query (bsc#1114169).
    last seen2020-06-05
    modified2018-12-18
    plugin id119739
    published2018-12-18
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119739
    titleopenSUSE Security Update : pdns (openSUSE-2018-1566)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-85FC964DE8.NASL
    description - Update to 4.1.5 Release notes: https://blog.powerdns.com/2018/11/06/powerdns-authoritative-server-4-0 -6-4-1-5-and-recursor-4-0-9-4-1-5-released/ PowerDNS Security Advisory 2018-03 (https://doc.powerdns.com/authoritative/security-advisories/powerdns-a dvisory-2018-03.html) (CVE-2018-10851) PowerDNS Security Advisory 2018-05 (https://doc.powerdns.com/authoritative/security-advisories/powerdns-a dvisory-2018-05.html) (CVE-2018-14626) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120583
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120583
    titleFedora 29 : pdns (2018-85fc964de8)