Vulnerability Details : CVE-2009-4009
Buffer overflow in PowerDNS Recursor before 3.1.7.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted packets.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2009-4009
- cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:2.9.15:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:2.9.16:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:2.0_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:2.9.17:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:2.9.18:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:3.1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:3.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:3.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:3.1.6:*:*:*:*:*:*:*
Threat overview for CVE-2009-4009
Top countries where our scanners detected CVE-2009-4009
Top open port discovered on systems with this issue
53
IPs affected by CVE-2009-4009 18
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2009-4009!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2009-4009
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 8 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-4009
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2009-4009
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-4009
-
http://doc.powerdns.com/powerdns-advisory-2010-01.html
404 Not Found
-
http://www.vupen.com/english/advisories/2010/0054
Site en constructionVendor Advisory
-
http://secunia.com/advisories/38004
About Secunia Research | Flexera
-
https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00228.html
[SECURITY] Fedora 12 Update: pdns-recursor-3.1.7.2-1.fc12
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/55438
PowerDNS Recursor unspecified buffer overflow CVE-2009-4009 Vulnerability Report
-
https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00217.html
[SECURITY] Fedora 11 Update: pdns-recursor-3.1.7.2-1.fc11
-
http://www.securityfocus.com/archive/1/508743/100/0/threaded
-
https://bugzilla.redhat.com/show_bug.cgi?id=552285
552285 – (CVE-2009-4009, CVE-2009-4010) CVE-2009-4009 CVE-2009-4010 PowerDNS Recursor: code execution and domain spoofing flaws
-
http://securitytracker.com/id?1023403
Access Denied
-
http://secunia.com/advisories/38068
About Secunia Research | FlexeraVendor Advisory
-
http://www.securityfocus.com/bid/37650
Patch
Jump to