PowerDNS Security Advisory 2016-01: Crafted queries can cause unexpected backend load
    March 20, 2017, 5:52 a.m. Posted by: aka56


    • CVE: CVE-2016-5426, CVE-2016-5427

    • Date: 9th of September 2016

    • Credit: Florian Heinz and Martin Kluge

    • Affects: PowerDNS Authoritative Server up to and including 3.4.9

    • Not affected: PowerDNS Authoritative Server 3.4.10, 4.x

    • Severity: Medium

    • Impact: Degraded service or Denial of service

    • Exploit: This problem can be triggered by sending specially crafted query packets

    • Risk of system compromise: No

    • Solution: Upgrade to a non-affected version

    • Workaround: Run dnsdist with the rules provided below in front of potentially affected servers, or dimension the backend capacity so that it can handle the increased load.

     

    More can be read here.