Summary
PowerDNS is prone to a remote cache-poisoning vulnerability and to a buffer overflow vulnerability.
An attacker can exploit the remote cache-poisoning vulnerability to divert data from a legitimate site to an attacker-specified site.
Successful exploits will allow the attacker to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.
Successful exploitation of the buffer overflow vulnerability allows a remote attacker to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer. Failed exploits will cause a denial of service.
PowerDNS 3.1.7.1 and earlier are vulnerable.
Solution
Updates are available. Please see the references for details.
References
Severity
Classification
CVE: CVE-2009-4009, CVE-2009-4010
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C