ASA-2019-00388 – PowerDNS: Denial of service via crafted zone records


Allele Security Alert

ASA-2019-00388

Identifier(s)

ASA-2019-00388, CVE-2019-10162

Title

Denial of service via crafted zone records

Vendor(s)

PowerDNS

Product(s)

PowerDNS Authoritative Server

Affected version(s)

PowerDNS Authoritative Server up to and including 4.1.9

Fixed version(s)

PowerDNS Authoritative Server versions 4.1.10 and 4.0.8

Proof of concept

Unknown

Description

An issue has been found in PowerDNS Authoritative Server that allows an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The Authoritative Server exits when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.

Technical details

Unknown

Credits

Gert van Dijk

Reference(s)

PowerDNS Security Advisory 2019-04: Denial of service via crafted zone records
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html

CVE-2019-10162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10162

CVE-2019-10162
https://nvd.nist.gov/vuln/detail/CVE-2019-10162

If there is any error in this alert or you would like a comprehensive analysis, let us know.

Last modified: June 25, 2019
