The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Authoritative | Powerdns | 3.2 (including) | 3.2 (including) |
| Authoritative | Powerdns | 3.3 (including) | 3.3 (including) |
| Authoritative | Powerdns | 3.3.1 (including) | 3.3.1 (including) |
| Authoritative | Powerdns | 3.3.2 (including) | 3.3.2 (including) |
| Authoritative | Powerdns | 3.4.0 (including) | 3.4.0 (including) |
| Authoritative | Powerdns | 3.4.1 (including) | 3.4.1 (including) |
| Authoritative | Powerdns | 3.4.3 (including) | 3.4.3 (including) |
| Pdns | Ubuntu | lucid | * |
| Pdns | Ubuntu | trusty | * |
| Pdns | Ubuntu | upstream | * |
| Pdns | Ubuntu | utopic | * |
| Pdns | Ubuntu | vivid | * |
| Pdns-recursor | Ubuntu | lucid | * |
| Pdns-recursor | Ubuntu | trusty | * |
| Pdns-recursor | Ubuntu | upstream | * |
| Pdns-recursor | Ubuntu | utopic | * |
| Pdns-recursor | Ubuntu | vivid | * |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156648.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156655.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156667.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156680.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156725.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156743.html
- http://www.debian.org/security/2015/dsa-3306
- http://www.debian.org/security/2015/dsa-3307
- http://www.securityfocus.com/bid/74306
- http://www.securitytracker.com/id/1032220
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156648.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156655.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156667.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156680.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156725.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156743.html
- http://www.debian.org/security/2015/dsa-3306
- http://www.debian.org/security/2015/dsa-3307
- http://www.securityfocus.com/bid/74306
- http://www.securitytracker.com/id/1032220