#VU77910 Input validation error in dnsdist - CVE-2016-7069


Vulnerability identifier: #VU77910

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-7069

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
dnsdist
Server applications / Other server solutions

Vendor: PowerDNS.COM B.V.

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to the initial client.
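An added example (not dnsdist's code and not taken from the advisory): one way to locate the OPT record in the additional section of a backend response, checking every length field against the packet size before it is used. The function names and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed sample: response for "a." with one A record and an OPT RR carrying an ECS option. */
static const uint8_t SAMPLE[57] = {
    0x12,0x34,0x81,0x80,0,1,0,1,0,0,0,1,            /* header: QD=1 AN=1 NS=0 AR=1 */
    1,'a',0,0,1,0,1,                                /* question a. A IN */
    0xC0,0x0C,0,1,0,1,0,0,0,60,0,4,1,2,3,4,         /* answer, compressed name */
    0,0,41,0x10,0,0,0,0,0,0,11,                     /* OPT: root name, type 41, RDLENGTH 11 */
    0,8,0,7,0,1,24,0,192,0,2 };                     /* ECS option 192.0.2.0/24 */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
/* Advance *pos past one encoded name; -1 if it would run past the buffer. */
static int skip_name(const uint8_t *msg, size_t len, size_t *pos) {
    while (*pos < len) {
        uint8_t l = msg[*pos];
        if ((l & 0xC0) == 0xC0) {                   /* compression pointer ends the name */
            if (len - *pos < 2) return -1;
            *pos += 2;
            return 0;
        }
        if ((l & 0xC0) || len - *pos < (size_t)l + 1) return -1;
        *pos += (size_t)l + 1;
        if (l == 0) return 0;                       /* root label */
    }
    return -1;
}

/* 0: OPT found in the additional section (*off, *rrlen set); 1: none; -1: malformed. */
int find_opt_record(const uint8_t *msg, size_t len, size_t *off, size_t *rrlen) {
    if (len < 12) return -1;                        /* fixed DNS header */
    size_t pos = 12;
    unsigned qd = rd16(msg + 4), pre = (unsigned)rd16(msg + 6) + rd16(msg + 8);
    unsigned total = pre + rd16(msg + 10);
    for (unsigned i = 0; i < qd; i++) {
        if (skip_name(msg, len, &pos) < 0 || len - pos < 4) return -1;
        pos += 4;                                   /* QTYPE + QCLASS */
    }
    for (unsigned i = 0; i < total; i++) {
        size_t start = pos;
        if (skip_name(msg, len, &pos) < 0 || len - pos < 10) return -1;
        uint16_t type = rd16(msg + pos);
        size_t rdlen = rd16(msg + pos + 8);
        pos += 10;                                  /* TYPE, CLASS, TTL, RDLENGTH */
        if (len - pos < rdlen) return -1;           /* RDATA must fit in the packet */
        pos += rdlen;
        if (type == 41 && i >= pre) { *off = start; *rrlen = pos - start; return 0; }
    }
    return 1;
}
```

A caller that strips the record would remove `rrlen` bytes at `off` and decrement ARCOUNT only after this function returns 0, and drop the response when it returns -1.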

Mitigation
Install updates from vendor's website.

Vulnerable software versions

dnsdist: 1.0.0 - 1.1.0


External links
https://www.securityfocus.com/bid/100509
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7069
https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

