Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.100433 |
Category: | General |
Title: | PowerDNS Recursor multiple vulnerabilities - Jan10 |
Summary: | PowerDNS Recursor is prone to a remote cache-poisoning vulnerability and to a; Buffer Overflow Vulnerability. |
Description: | Summary: PowerDNS Recursor is prone to a remote cache-poisoning vulnerability and to a Buffer Overflow Vulnerability. Vulnerability Impact: An attacker can exploit the remote cache-poisoning vulnerability to divert data from a legitimate site to an attacker-specified site. Successful exploits will allow the attacker to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of- service attacks. Successfully exploiting of the Buffer Overflow vulnerability allows a remote attacker to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer. Failed exploits will cause a denial of service. Affected Software/OS: PowerDNS Recursor 3.1.7.1 and earlier are vulnerable. Solution: Updates are available. Please see the references for details. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
BugTraq ID: 37653 BugTraq ID: 37650 Common Vulnerability Exposure (CVE) ID: CVE-2009-4010 http://www.securityfocus.com/bid/37653 Bugtraq: 20100106 Critical PowerDNS Recursor Security Vulnerabilities: please upgrade ASAP to 3.1.7.2 (Google Search) http://www.securityfocus.com/archive/1/508743/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00217.html https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00228.html http://securitytracker.com/id?1023404 http://secunia.com/advisories/38004 http://secunia.com/advisories/38068 http://www.vupen.com/english/advisories/2010/0054 XForce ISS Database: powerdns-zones-spoofing(55439) https://exchange.xforce.ibmcloud.com/vulnerabilities/55439 Common Vulnerability Exposure (CVE) ID: CVE-2009-4009 http://www.securityfocus.com/bid/37650 http://securitytracker.com/id?1023403 XForce ISS Database: powerdns-unspecified-bo(55438) https://exchange.xforce.ibmcloud.com/vulnerabilities/55438 |
Copyright | This script is Copyright (C) 2010 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |