CVE-2005-2301 : PowerDNS before 2.9.18, when running with an LDAP backend, does not properly esc

PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.

Published 2005-07-19 04:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2005-2301

Powerdns » Powerdns » Version: 2.9.11
cpe:2.3:a:powerdns:powerdns:2.9.11:*:*:*:*:*:*:*
Matching versions
Powerdns » Powerdns » Version: 2.9.12
cpe:2.3:a:powerdns:powerdns:2.9.12:*:*:*:*:*:*:*
Matching versions
Powerdns » Powerdns » Version: 2.9.13
cpe:2.3:a:powerdns:powerdns:2.9.13:*:*:*:*:*:*:*
Matching versions
Powerdns » Powerdns » Version: 2.9.14
cpe:2.3:a:powerdns:powerdns:2.9.14:*:*:*:*:*:*:*
Matching versions
Powerdns » Powerdns » Version: 2.9.0
cpe:2.3:a:powerdns:powerdns:2.9.0:*:*:*:*:*:*:*
Matching versions
Powerdns » Powerdns » Version: 2.9.10
cpe:2.3:a:powerdns:powerdns:2.9.10:*:*:*:*:*:*:*
Matching versions
Powerdns » Powerdns » Version: 2.9.15
cpe:2.3:a:powerdns:powerdns:2.9.15:*:*:*:*:*:*:*
Matching versions
Powerdns » Powerdns » Version: 2.9.3a
cpe:2.3:a:powerdns:powerdns:2.9.3a:*:*:*:*:*:*:*
Matching versions
Powerdns » Powerdns » Version: 2.9.5
cpe:2.3:a:powerdns:powerdns:2.9.5:*:*:*:*:*:*:*
Matching versions
Powerdns » Powerdns » Version: 2.9.6
cpe:2.3:a:powerdns:powerdns:2.9.6:*:*:*:*:*:*:*
Matching versions
Powerdns » Powerdns » Version: 2.9.7
cpe:2.3:a:powerdns:powerdns:2.9.7:*:*:*:*:*:*:*
Matching versions
Powerdns » Powerdns » Version: 2.9.8
cpe:2.3:a:powerdns:powerdns:2.9.8:*:*:*:*:*:*:*
Matching versions
Powerdns » Powerdns » Version: 2.9.1
cpe:2.3:a:powerdns:powerdns:2.9.1:*:*:*:*:*:*:*
Matching versions
Powerdns » Powerdns » Version: 2.9.2
cpe:2.3:a:powerdns:powerdns:2.9.2:*:*:*:*:*:*:*
Matching versions
Powerdns » Powerdns » Version: 2.9.4
cpe:2.3:a:powerdns:powerdns:2.9.4:*:*:*:*:*:*:*
Matching versions
Powerdns » Powerdns » Version: 2.9.17
cpe:2.3:a:powerdns:powerdns:2.9.17:*:*:*:*:*:*:*
Matching versions
Powerdns » Powerdns » Version: 2.9.16
cpe:2.3:a:powerdns:powerdns:2.9.16:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2005-2301

Top countries where our scanners detected CVE-2005-2301

Top open port discovered on systems with this issue 53

IPs affected by CVE-2005-2301 20

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2005-2301!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2005-2301

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 20 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-2301

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

References for CVE-2005-2301

http://www.securityfocus.com/bid/14290
http://securitytracker.com/id?1014504

GoDaddy Domain Name Search

CVEs referencing this url
http://www.novell.com/linux/security/advisories/2005_19_sr.html

Security - Support | SUSE

CVEs referencing this url
http://marc.info/?l=bugtraq&m=112155941310297&w=2

'PowerDNS 2.9.18 fixes two security issues affecting users of LDAP' - MARC

CVEs referencing this url
http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18

Changelogs

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2005-2301

Products affected by CVE-2005-2301

Threat overview for CVE-2005-2301

Exploit prediction scoring system (EPSS) score for CVE-2005-2301

CVSS scores for CVE-2005-2301

References for CVE-2005-2301