6. PowerDNS Security Advisory 2006-02: Zero second CNAME TTLs can make PowerDNS exhaust allocated stack space, and crash

Table 1.2. PowerDNS Security Advisory

CVE CVE-2006-4252
Date 13th of November 2006
Affects PowerDNS Recursor versions 3.1.3 and earlier, on all operating systems.
Not affected No versions of the PowerDNS Authoritative Server ('pdns_server') are affected.
Severity Moderate
Impact Denial of service
Exploit This problem can be triggered by sending queries for specifically configured domains
Solution Upgrade to PowerDNS Recursor 3.1.4, or apply commit 919.
Workaround None known. Exposure can be limited by configuring the allow-from setting so only trusted users can query your nameserver.


PowerDNS would recurse endlessly on encountering a CNAME loop consisting entirely of zero second CNAME records, eventually exceeding resources and crashing.