ID de Prueba:	1.3.6.1.4.1.25623.1.0.112375
Categoría:	Denial of Service
Título:	PowerDNS Security Advisory 2016-02: Crafted queries can cause abnormal CPU usage
Resumen:	An issue has been found in PowerDNS allowing a remote,; unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending; crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded.
Descripción:	Summary: An issue has been found in PowerDNS allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. Vulnerability Insight: This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour. This issue has been assigned CVE-2016-7068. Affected Software/OS: PowerDNS Authoritative Server up to and including 3.4.10 and 4.0.1 are affected. PowerDNS Recursor up to and including 3.7.3 and 4.0.3 are affected. Solution: Update PowerDNS Authoritative Server to version 3.4.11 or 4.0.2 respectively. Update PowerDNS Recursor to 3.7.4 or 4.0.4 respectively. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7068 Debian Security Information: DSA-3763 (Google Search) https://www.debian.org/security/2017/dsa-3763 Debian Security Information: DSA-3764 (Google Search) https://www.debian.org/security/2017/dsa-3764
Copyright	Copyright (C) 2018 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.