Vulnerability Details : CVE-2016-6172
PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.
Vulnerability category: Denial of service
Products affected by CVE-2016-6172
- cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6172
EPSS score: 0.44% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~76% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2016-6172
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.1 | HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C | 8.6 | 6.9 | NIST | |
6.8 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H | 2.2 | 4.0 | NIST | |
CWE ids for CVE-2016-6172
- The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6172
- http://www.securitytracker.com/id/1036242 : PowerDNS AXFR/IXFR Response Processing Bug Lets Remote DNS Servers Cause the Target DNS Service to Crash - SecurityTracker
- http://www.openwall.com/lists/oss-security/2016/07/06/3 : oss-security - Malicious primary DNS servers can crash secondaries (Mailing List)
- http://www.debian.org/security/2016/dsa-3664 : Debian -- Security Information -- DSA-3664-1 pdns
- https://github.com/sischkg/xfer-limit/blob/master/README.md : xfer-limit/README.md at master · sischkg/xfer-limit · GitHub (Patch)
- https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html : [dns-operations] about wildcard for CNAME (Mailing List; Third Party Advisory)
- https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-401 : Changelogs (Release Notes)
- https://github.com/PowerDNS/pdns/pull/4134 : Add limits to the size of received AXFR, in megabytes by rgacogne · Pull Request #4134 · PowerDNS/pdns · GitHub (Issue Tracking)
- http://www.securityfocus.com/bid/91678 : Multiple DNS Servers Remote Denial of Service Vulnerability
- https://github.com/PowerDNS/pdns/issues/4133 : Add limits to the size of received {A,I}XFR, in megabytes by rgacogne · Pull Request #4133 · PowerDNS/pdns · GitHub (Issue Tracking)
- https://github.com/PowerDNS/pdns/issues/4128 : xfer size issue · Issue #4128 · PowerDNS/pdns · GitHub (Issue Tracking)
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00085.html : openSUSE-SU-2016:2116-1: moderate: Security update for pdns (Third Party Advisory)