CVE-2015-1868
First published: Mon May 18 2015(Updated: )
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PowerDNS | =3.2 | |
| PowerDNS | =3.3 | |
| PowerDNS | =3.3.1 | |
| PowerDNS | =3.3.2 | |
| PowerDNS | =3.4.0 | |
| PowerDNS | =3.4.1 | |
| PowerDNS | =3.4.3 | |
| Fedora | =20 | |
| Fedora | =21 | |
| Fedora | =22 | |
| PowerDNS | =3.5 | |
| PowerDNS | =3.5.1 | |
| PowerDNS | =3.5.2 | |
| PowerDNS | =3.5.3 | |
| PowerDNS | =3.6.0 | |
| PowerDNS | =3.6.1 | |
| PowerDNS | =3.6.2 | |
| PowerDNS | =3.6.3 | |
| PowerDNS | =3.7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156648.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156655.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156667.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156680.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156725.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156743.html
- http://www.debian.org/security/2015/dsa-3306
- http://www.debian.org/security/2015/dsa-3307
- http://www.securityfocus.com/bid/74306
- http://www.securitytracker.com/id/1032220
Frequently Asked Questions
What is the severity of CVE-2015-1868?
CVE-2015-1868 is classified as a denial of service vulnerability due to high CPU consumption or crashes.
How do I fix CVE-2015-1868?
To fix CVE-2015-1868, upgrade PowerDNS Recursor to version 3.6.3 or later, and Authoritative Server to version 3.3.2 or later.
Which versions of PowerDNS are affected by CVE-2015-1868?
CVE-2015-1868 affects PowerDNS Recursor versions 3.5.x, 3.6.x prior to 3.6.3, and 3.7.x prior to 3.7.2; and Authoritative Server versions 3.2.x, 3.3.x prior to 3.3.2, and 3.4.x prior to 3.4.4.
What could an attacker achieve by exploiting CVE-2015-1868?
An attacker exploiting CVE-2015-1868 can cause a denial of service condition, impacting service availability.
Are there any workarounds for CVE-2015-1868?
There are no specific workarounds for CVE-2015-1868; users are advised to upgrade to the fixed versions.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/powerdns
- canonical/powerdns
- version/powerdns/3.2
- version/powerdns/3.3
- version/powerdns/3.3.1
- version/powerdns/3.3.2
- version/powerdns/3.4.0
- version/powerdns/3.4.1
- version/powerdns/3.4.3
- vendor/fedoraproject
- canonical/fedora
- version/fedora/20
- version/fedora/21
- version/fedora/22
- version/powerdns/3.5
- version/powerdns/3.5.1
- version/powerdns/3.5.2
- version/powerdns/3.5.3
- version/powerdns/3.6.0
- version/powerdns/3.6.1
- version/powerdns/3.6.2
- version/powerdns/3.6.3
- version/powerdns/3.7.1