CVE Vulnerabilities

CVE-2018-14626

Uncontrolled Resource Consumption

Published: Nov 29, 2018 | Modified: Nov 21, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.

Weakness

The product does not properly control the allocation and maintenance of a limited resource.

Affected Software

Name Vendor Start Version End Version
Authoritative Powerdns 4.1.0 (including) 4.1.4 (including)
Recursor Powerdns 4.0.0 (including) 4.1.4 (including)
Pdns Ubuntu bionic *
Pdns Ubuntu cosmic *
Pdns Ubuntu disco *
Pdns Ubuntu eoan *
Pdns Ubuntu esm-apps/bionic *
Pdns Ubuntu groovy *
Pdns Ubuntu hirsute *
Pdns Ubuntu impish *
Pdns Ubuntu kinetic *
Pdns Ubuntu lunar *
Pdns Ubuntu mantic *
Pdns Ubuntu trusty *
Pdns Ubuntu upstream *
Pdns Ubuntu xenial *
Pdns-recursor Ubuntu bionic *
Pdns-recursor Ubuntu cosmic *
Pdns-recursor Ubuntu disco *
Pdns-recursor Ubuntu esm-apps/bionic *
Pdns-recursor Ubuntu esm-apps/xenial *
Pdns-recursor Ubuntu trusty *
Pdns-recursor Ubuntu upstream *
Pdns-recursor Ubuntu xenial *

Potential Mitigations

  • Mitigation of resource exhaustion attacks requires that the target system either:

  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.

  • The second solution is simply difficult to effectively institute – and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.

References