ASA-2018-00035 – PowerDNS: Crafted zone record and crafted answer can cause a denial of service

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2018-00035

Identifier(s)

ASA-2018-00035, CVE-2018-10851

Title

Crafted zone record and crafted answer can cause a denial of service

Vendor(s)

PowerDNS

Product(s)

PowerDNS Recursor

PowerDNS Authoritative

Affected version(s)

PowerDNS Authoritative from 3.3.0 up to and including 4.1.4

PowerDNS Recursor from 3.2 up to and including 4.1.4

Fixed version(s)

PowerDNS Authoritative 4.1.5, 4.0.6

PowerDNS Recursor 4.1.5, 4.0.9

Proof of concept

Unknown

Description

An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause a memory leak by inserting a specially crafted record in a zone under their control, then sending a DNS query for that record.

An issue has been found in PowerDNS Recursor allowing a malicious authoritative server to cause a memory leak by sending specially crafted records.

The issue is due to the fact that some memory is allocated before the parsing and is not always properly released if the record is malformed.

When the PowerDNS Authoritative Server or PowerDNS Recursor is run inside the guardian (–guardian), or inside a supervisor like supervisord or systemd, an out-of-memory crash will lead to an automatic restart, limiting the impact to a somewhat degraded service.

Reference(s)

PowerDNS Security Advisories 2018-03, 2018-04, 2018-05, 2018-06 and 2018-07
https://seclists.org/oss-sec/2018/q4/137

PowerDNS Security Advisory 2018-03: Crafted zone record can cause a denial of service
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html

PowerDNS Security Advisory 2018-04: Crafted answer can cause a denial of service
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html

CVE-2018-10851-auth-4.0.5.patch
https://downloads.powerdns.com/patches/2018-03/CVE-2018-10851-auth-4.0.5.patch

CVE-2018-10851-auth-4.1.4.patch
https://downloads.powerdns.com/patches/2018-03/CVE-2018-10851-auth-4.1.4.patch

CVE-2018-10851-rec-4.0.8.patch
https://downloads.powerdns.com/patches/2018-04/CVE-2018-10851-rec-4.0.8.patch

CVE-2018-10851-rec-4.1.4.patch
https://downloads.powerdns.com/patches/2018-04/CVE-2018-10851-rec-4.1.4.patch

CVE-2018-10851
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10851

CVE-2018-10851
https://nvd.nist.gov/vuln/detail/CVE-2018-10851

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: November 8, 2018

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.