Vulnerability Details : CVE-2008-3337
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
Vulnerability category: Input validation
Products affected by CVE-2008-3337
- cpe:2.3:a:powerdns:powerdns:*:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-3337
0.67%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 77 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-3337
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P |
10.0
|
4.9
|
NIST |
CWE ids for CVE-2008-3337
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3337
-
http://doc.powerdns.com/powerdns-advisory-2008-02.html
404 Not Found
-
http://doc.powerdns.com/changelog.html
Changelogs
-
http://www.securityfocus.com/bid/30587
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/44253
PowerDNS query weak security CVE-2008-3337 Vulnerability Report
-
http://security.gentoo.org/glsa/glsa-200812-19.xml
PowerDNS: Multiple vulnerabilities (GLSA 200812-19) — Gentoo security
-
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html
[SECURITY] Fedora 8 Update: pdns-2.9.21.1-1.fc8
-
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html
[SECURITY] Fedora 9 Update: pdns-2.9.21.1-1.fc9
-
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
[security-announce] SUSE Security Summary Report SUSE-SR:2008:017 - openSUSE Security Announce - openSUSE Mailing Lists
-
http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html
[Pdns-users] Security update: PowerDNS Authoritative Server 2.9.21.1 releasedPatch
-
http://www.vupen.com/english/advisories/2008/2320
Site en construction
-
https://www.debian.org/security/2008/dsa-1628
Debian -- Security Information -- DSA-1628-1 pdns
Jump to