In association with heise online

14 November 2006, 12:36

DoS vulnerability in PowerDNS


PowerDNS, a DNS server used in settings such as the Wikipedia project, has been found to contain two bugs that attackers could use to cause a denial of service, or even potentially plant malicious code. PowerDNS is a powerful DNS server that can use various backends and data sources, such as BIND or a MySQL server, for name resolution, and can temporarily store the results in memory for quicker delivery of repeated queries.

An invalid calculation of the length of DNS queries received via TCP can lead PowerDNS to attempt to read up to 4 gigabytes of data into a 64 kb buffer. Attackers can also potentially compromise a system. The DNS server can also be driven into an infinite loop by a CNAME loop, provided no second CNAME entry exists.
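The following C sketch is an added example, not PowerDNS code: the article does not say how the length was miscalculated, so the unsigned wrap in `remaining_unchecked` is an assumed illustration of how a byte count near 4 gigabytes can arise. All function and constant names are hypothetical; the framing rule (a two-byte length prefix before each DNS message on TCP) comes from RFC 1035.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DNS_HDR_LEN 12      /* fixed DNS header size (RFC 1035) */
#define DNS_BUF_LEN 65536   /* 64 KB message buffer, as in the article */

enum frame_status { FRAME_OK, FRAME_NEED_MORE, FRAME_BAD_LENGTH };

/* Unchecked arithmetic (assumed failure mode): if consumed > declared,
 * the unsigned subtraction wraps to a byte count close to 4 GB. */
uint32_t remaining_unchecked(uint16_t declared, uint32_t consumed)
{
    return (uint32_t)declared - consumed;
}

/* Checked variant: returns 0 and sets *out only when the result cannot
 * wrap and fits into the free space of the destination buffer. */
int remaining_checked(uint16_t declared, uint32_t consumed,
                      size_t buf_free, uint32_t *out)
{
    if (consumed > declared) return -1;                 /* would wrap */
    if ((size_t)(declared - consumed) > buf_free) return -1;
    *out = (uint32_t)declared - consumed;
    return 0;
}

/* Extract one length-prefixed DNS message from bytes already received
 * on a TCP connection; never copies more than the peer actually sent. */
enum frame_status dns_tcp_frame(const uint8_t *stream, size_t avail,
                                uint8_t buf[DNS_BUF_LEN], size_t *msg_len)
{
    if (avail < 2) return FRAME_NEED_MORE;              /* prefix incomplete */
    uint16_t declared = (uint16_t)((stream[0] << 8) | stream[1]);
    if (declared < DNS_HDR_LEN) return FRAME_BAD_LENGTH; /* too short for a header */
    if (avail - 2 < declared) return FRAME_NEED_MORE;   /* wait, do not over-read */
    memcpy(buf, stream + 2, declared);                  /* declared <= 65535 < DNS_BUF_LEN */
    *msg_len = declared;
    return FRAME_OK;
}
```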

The bug affects PowerDNS 3.1.3 and prior versions. The PowerDNS developers are now making the source code for version 3.1.4 available; affected administrators should install the update.
