Table 1.6. PowerDNS Security Advisory
CVE | CVE-2009-4009 |
Date | 6th of January 2010 |
Affects | PowerDNS Recursor 3.1.7.1 and earlier |
Not affected | No versions of the PowerDNS Authoritative ('pdns_server') are affected. |
Severity | Critical |
Impact | Denial of Service, possible full system compromise |
Exploit | Withheld |
Solution | Upgrade to PowerDNS Recursor 3.1.7.2 or higher |
Workaround | None. The risk of exploitation or denial of service can be decreased slightly by using the 'allow-from' setting to only provide service to known users. The risk of a full system compromise can be reduced by running with a suitable reduced privilege user and group settings, and possibly chroot environment. |
Using specially crafted packets, it is possible to force a buffer overflow in the PowerDNS Recursor, leading to a crash.
This vulnerability was discovered by a third party that (for now) prefers not to be named. PowerDNS is very grateful however for their help in improving PowerDNS security.