CVE-2014-8601
Published 2014-12-10
Priority P3 · 39 · medium · CVSS 2.0: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 73.53% (99.4th percentile)
PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | pdns-recursor | < pdns-recursor 3.6.2-1 (bookworm) | pdns-recursor 3.6.2-1 (bookworm) |
| powerdns | recursor | <= 3.6.1 | — |
Detection & IOCs
- Domains hosted by ezdns.it were used to demonstrate the unlimited delegation chaining attack against PowerDNS Recursor, triggering excessive referral loops and performance degradation (DoS).
- The attack vector is a remotely-supplied specially crafted domain name that causes PowerDNS Recursor to follow an unbounded delegation chain; monitor for recursive resolvers exhibiting abnormally high referral-follow counts or CPU spikes tied to a single query domain.
- Upstream patches for this specific issue are available at the PowerDNS patch repository path for advisory 2014-02; presence of unpatched pdns-recursor < 3.6.2 in an environment is a direct exposure indicator.
- Vulnerability only affects PowerDNS Recursor versions before 3.6.2; fixed in 3.6.2-1 across Debian (bookworm, bullseye, forky, sid, trixie) and Fedora/EPEL packages.
- The root cause is the absence of a delegation chain depth limit in the recursor; ensure the patched version enforces such a limit in its configuration.
CVSS provenance
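| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_debian | — | 5.0 | MEDIUM | — |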
GHSA
GHSA-cmfg-cqcc-qpqf: PowerDNS Recursor before 3
ghsa_unreviewed·2022-05-17
CVE-2014-8601 [MEDIUM] GHSA-cmfg-cqcc-qpqf: PowerDNS Recursor before 3
OSV
CVE-2014-8601: PowerDNS Recursor before 3
osv·2014-12-10·CVSS 5.0
CVE-2014-8601 [MEDIUM] CVE-2014-8601: PowerDNS Recursor before 3
Red Hat
php: xmlrpc ISO8601 date format parsing buffer overflow
vendor_redhat·2014-11-05·CVSS 7.5
CVE-2014-8626 [HIGH] CWE-121 php: xmlrpc ISO8601 date format parsing buffer overflow
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.
A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash or execute arbitrary code with the privileges of the user running that PHP application.
Statement: This issue did not affect php53 packages in Red Hat Enterprise Linux 5, php packages in Red Hat Enterprise Linux 6 and 7, and php5
Red Hat
php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
vendor_redhat·2014-10-14·CVSS 5.0
CVE-2014-3668 [MEDIUM] CWE-125 php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.
An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash.
Statement: This issue did not affect the php packages as shipped with Red Hat Enterprise
Debian
CVE-2014-8601: pdns-recursor - PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows ...
vendor_debian·2014·CVSS 5.0
CVE-2014-8601 [MEDIUM] CVE-2014-8601: pdns-recursor - PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows ...
Scope: local
bookworm: resolved (fixed in 3.6.2-1)
bullseye: resolved (fixed in 3.6.2-1)
forky: resolved (fixed in 3.6.2-1)
sid: resolved (fixed in 3.6.2-1)
trixie: resolved (fixed in 3.6.2-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-8601 pdns-recursor: pdns: denial of service via specially crafted domain names [epel-all]
bugzilla·2014-12-09·CVSS 5.0
CVE-2014-8601 [MEDIUM] CVE-2014-8601 pdns-recursor: pdns: denial of service via specially crafted domain names [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multi
Bugzilla
CVE-2014-8601 pdns: denial of service via specially crafted domain names
bugzilla·2014-12-09·CVSS 5.0
CVE-2014-8601 [MEDIUM] CVE-2014-8601 pdns: denial of service via specially crafted domain names
A flaw was found in the way PowerDNS Recursor resolved certain specially crafted domain names. A remote attacker could use a specially crafted domain name that, when processed by PowerDNS Recursor, would affect the performance of PowerDNS, potentially resulting in a denial of service.
More information can be found in the upstream advisory:
http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/
Patches are available at:
https://downloads.powerdns.com/patches/2014-02/
Other references:
http://seclists.org/oss-sec/2014/q4/975
Discussion:
Created pdns-recursor tracking bugs for this issue:
Affects: fedora-all [bug 1172117]
Affects: epel-all [bug 1172118]
---
Fedora is not affected. We have already the
Bugzilla
CVE-2014-8601 pdns-recursor: pdns: denial of service via specially crafted domain names [fedora-all]
bugzilla·2014-12-09·CVSS 5.0
CVE-2014-8601 [MEDIUM] CVE-2014-8601 pdns-recursor: pdns: denial of service via specially crafted domain names [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple
References
- http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html
- http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/
- http://www.debian.org/security/2014/dsa-3096
- http://www.kb.cert.org/vuls/id/264212
- http://www.securityfocus.com/bid/71545
- http://www.securitytracker.com/id/1031310
Published: 2014-12-10