Allele Security Alert
ASA-2019-00388
Identifier(s)
ASA-2019-00388, CVE-2019-10162
Title
Denial of service via crafted zone records
Vendor(s)
PowerDNS
Product(s)
PowerDNS Authoritative Server
Affected version(s)
PowerDNS Authoritative Server up to and including 4.1.9
Fixed version(s)
PowerDNS Authoritative Server versions 4.1.10 and 4.0.8
Proof of concept
Unknown
Description
An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.
Technical details
Unknown
Credits
Gert van Dijk
Reference(s)
PowerDNS Security Advisory 2019-04: Denial of service via crafted zone records
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html
CVE-2019-10162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10162
CVE-2019-10162
https://nvd.nist.gov/vuln/detail/CVE-2019-10162
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: June 25, 2019