Debian Pdns vulnerabilities
36 known vulnerabilities affecting debian/pdns.
Total CVEs: 36
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 12, MEDIUM 15, LOW 8
Vulnerabilities
Page 2 of 2
CVE-2016-7073 | MEDIUM | CVSS 5.3 | fixed in pdns 4.0.2-1 (bookworm) | 2016
CVE-2016-7073 [MEDIUM] CVE-2016-7073: pdns - An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recurs...
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack.
Scope: local
bookw
debian
CVE-2016-7068 | MEDIUM | CVSS 5.3 | fixed in pdns 4.0.2-1 (bookworm) | 2016
CVE-2016-7068 [MEDIUM] CVE-2016-7068: pdns - An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recurs...
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the Powe
CVE-2016-7074 | MEDIUM | CVSS 5.3 | fixed in pdns 4.0.2-1 (bookworm) | 2016
CVE-2016-7074 [MEDIUM] CVE-2016-7074: pdns - An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recurs...
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG
CVE-2015-1868 | HIGH | CVSS 7.8 | fixed in pdns 3.4.4-1 (bookworm) | 2015
CVE-2015-1868 [HIGH] CVE-2015-1868: pdns - The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3...
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.
Scope: local
bookworm: resolved (fixed in 3.4.4-1)
bu
CVE-2015-5230 | HIGH | CVSS 7.5 | fixed in pdns 3.4.6-1 (bookworm) | 2015
CVE-2015-5230 [HIGH] CVE-2015-5230: pdns - The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Serv...
The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets.
Scope: local
bookworm: resolved (fixed in 3.4.6-1)
bullseye: resolved (fixed in 3.4.6-1)
forky: resolved (fixed in 3.4.6-1)
sid: resolved (fixed in 3.4.6-1)
trixie: resolved (fixed in
CVE-2015-5470 | HIGH | CVSS 7.8 | fixed in pdns 3.4.5-1 (bookworm) | 2015
CVE-2015-5470 [HIGH] CVE-2015-5470: pdns - The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7....
The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-18
CVE-2015-5311 | MEDIUM | CVSS 5.0 | fixed in pdns 3.4.7-1 (bookworm) | 2015
CVE-2015-5311 [MEDIUM] CVE-2015-5311: pdns - PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attack...
PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets.
Scope: local
bookworm: resolved (fixed in 3.4.7-1)
bullseye: resolved (fixed in 3.4.7-1)
forky: resolved (fixed in 3.4.7-1)
sid: resolved (fixed in 3.4.7-1)
trixie: resolved (fixed in 3.4.7-1)
CVE-2012-0206 | HIGH | CVSS 5.0 | fixed in pdns 3.0-1.1 (bookworm) | 2012
CVE-2012-0206 [MEDIUM] CVE-2012-0206: pdns - common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 an...
common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response.
Scope: local
bookworm: resolved (fixed in 3.0-1.1)
bullseye: resolved (fixed in 3.0-1.1)
forky: resolved (fixed in 3.0-1.1)
sid: resolved (fixed in 3.0-1.1)
trixie: resolved
CVE-2008-3337 | LOW | CVSS 6.8 | fixed in pdns 2.9.21.1-1 (bookworm) | 2008
CVE-2008-3337 [MEDIUM] CVE-2008-3337: pdns - PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which mig...
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
Scope: local
bookworm: resolved (fixed in 2.9.21.1-1)
bullseye: resolved (fixed in 2.9.21.1-1)
forky: resolved (fixed in 2.9.21.1-1
CVE-2008-5277 | LOW | CVSS 4.3 | fixed in pdns 2.9.21.2-1 (bookworm) | 2008
CVE-2008-5277 [MEDIUM] CVE-2008-5277: pdns - PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (d...
PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query.
Scope: local
bookworm: resolved (fixed in 2.9.21.2-1)
bullseye: resolved (fixed in 2.9.21.2-1)
forky: resolved (fixed in 2.9.21.2-1)
sid: resolved (fixed in 2.9.21.2-1)
trixie: resolved (fixed in 2.9.21.2-1)
CVE-2006-4251 | HIGH | CVSS 7.5 | fixed in pdns 2.9.20-4 (bookworm) | 2006
CVE-2006-4251 [HIGH] CVE-2006-4251: pdns - Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow remote attack...
Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow remote attackers to execute arbitrary code via a malformed TCP DNS query that prevents Recursor from properly calculating the TCP DNS query length.
Scope: local
bookworm: resolved (fixed in 2.9.20-4)
bullseye: resolved (fixed in 2.9.20-4)
forky: resolved (fixed in 2.9.20-4)
sid: resolved (fixed in 2.9.20-
CVE-2006-4252 | LOW | CVSS 5.0 | fixed in pdns-recursor 3.1.4-1 (bookworm) | 2006
CVE-2006-4252 [MEDIUM] CVE-2006-4252: pdns - PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of...
PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2005-0038 | MEDIUM | CVSS 5.0 | fixed in pdns 2.9.17-1 (bookworm) | 2005
CVE-2005-0038 [MEDIUM] CVE-2005-0038: pdns - The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to...
The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.
Scope: local
bookworm: resolved (fixed in 2.9.17-1)
bullseye: resolved (fixed in 2.9.17-1)
forky: resolved (fixed in 2.9.17-1)
sid: resolved (fixed
CVE-2005-2302 | MEDIUM | CVSS 2.1 | fixed in pdns 2.9.18-1 (bookworm) | 2005
CVE-2005-2302 [LOW] CVE-2005-2302: pdns - PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addr...
PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion.
Scope: local
bookworm: resolved (fixed in 2.9.18-1)
bullseye: resolved (fixed in 2.9.18-1)
forky: resolved (fixed in
CVE-2005-0428 | MEDIUM | CVSS 5.0 | fixed in pdns 2.9.16-6 (bookworm) | 2005
CVE-2005-0428 [MEDIUM] CVE-2005-0428: pdns - The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows re...
The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes.
Scope: local
bookworm: resolved (fixed in 2.9.16-6)
bullseye: resolved (fixed in 2.9.16-6)
forky: resolved (fixed in 2.9.16-6)
sid: resolved (fixed in 2.9.16-6)
trixie: resolved (fixed in 2.9.16-6)
CVE-2005-2301 | MEDIUM | CVSS 5.0 | fixed in pdns 2.9.18-1 (bookworm) | 2005
CVE-2005-2301 [MEDIUM] CVE-2005-2301: pdns - PowerDNS before 2.9.18, when running with an LDAP backend, does not properly esc...
PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.
Scope: local
bookworm: resolved (fixed in 2.9.18-1)
bullseye: resolved (fixed in 2.9.18-1)
forky: resolved (fixed in 2.9.18-1)
sid: