#VU32138 Integer overflow in PowerDNS - CVE-2016-2120

Cybersecurity Help s.r.o.

Published: 2018-11-01 | Updated: 2020-07-28

Vulnerability identifier: #VU32138

Vulnerability risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-2120

CWE-ID: CWE-190

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PowerDNS
Server applications / DNS servers

Vendor: PowerDNS.COM B.V.

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.

Mitigation
Install update from vendor's website.

Vulnerable software versions

PowerDNS: 3.4.0 - 3.4.10

External links
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120
https://www.debian.org/security/2017/dsa-3764

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Integer overflow in PowerDNS

Integer overflow in pdns (Alpine package)

Arch Linux update for powerdns