The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Powerdns | Powerdns | * | 2.9.16 (including) |
| Powerdns | Powerdns | 2.0_rc1 (including) | 2.0_rc1 (including) |
| Powerdns | Powerdns | 2.8 (including) | 2.8 (including) |
| Powerdns | Powerdns | 2.9.0 (including) | 2.9.0 (including) |
| Powerdns | Powerdns | 2.9.1 (including) | 2.9.1 (including) |
| Powerdns | Powerdns | 2.9.2 (including) | 2.9.2 (including) |
| Powerdns | Powerdns | 2.9.3a (including) | 2.9.3a (including) |
| Powerdns | Powerdns | 2.9.4 (including) | 2.9.4 (including) |
| Powerdns | Powerdns | 2.9.5 (including) | 2.9.5 (including) |
| Powerdns | Powerdns | 2.9.6 (including) | 2.9.6 (including) |
| Powerdns | Powerdns | 2.9.7 (including) | 2.9.7 (including) |
| Powerdns | Powerdns | 2.9.8 (including) | 2.9.8 (including) |
| Powerdns | Powerdns | 2.9.10 (including) | 2.9.10 (including) |
| Powerdns | Powerdns | 2.9.11 (including) | 2.9.11 (including) |
| Powerdns | Powerdns | 2.9.12 (including) | 2.9.12 (including) |
| Powerdns | Powerdns | 2.9.13 (including) | 2.9.13 (including) |
| Powerdns | Powerdns | 2.9.14 (including) | 2.9.14 (including) |
| Powerdns | Powerdns | 2.9.15 (including) | 2.9.15 (including) |
| Pdns | Ubuntu | upstream | * |
References
- http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html
- http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en
- http://www.osvdb.org/25291
- http://www.securityfocus.com/bid/13729
- http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html
- http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en
- http://www.osvdb.org/25291
- http://www.securityfocus.com/bid/13729