Remote Code Execution Vulnerability in PowerDNS Authoritative Server by PowerDNS
CVE-2019-10163

3.5LOW

Key Information:

Vendor

Powerdns

Status
Pdns
Vendor
CVE Published:
30 July 2019

What is CVE-2019-10163?

A vulnerability in the PowerDNS Authoritative Server allows a remote, authorized master server to erroneously trigger a significant CPU load and disrupt further updates to any slave zone. This occurs when an attacker sends an excessive number of NOTIFY messages to slave servers. It is essential for system administrators using PowerDNS to be aware of this issue, especially those operating versions prior to 4.1.9 and 4.0.8, as only servers configured as slaves are susceptible.

Affected Version(s)

pdns fixed in 4.1.9

pdns fixed in 4.0.8

References

http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE
https://blog.powerdns.com/2019/06/21/powerdns-authoritati...
x_refsource_CONFIRM

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.