Test Kennung:	1.3.6.1.4.1.25623.1.0.148630
Kategorie:	Denial of Service
Titel:	PowerDNS Recursor DoS Vulnerability (2022-02)
Zusammenfassung:	PowerDNS Recursor is prone to a denial of service (DoS); vulnerability.
Beschreibung:	Summary: PowerDNS Recursor is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: This issue only affects recursors which have protobuf logging enabled using the - protobufServer function with logResponses equals true or - outgoingProtobufServer function with logResponses equals true If either of these functions is used without specifying logResponses, its value is true. An attacker needs to have access to the recursor, i.e. the remote IP must be in the access control list. If an attacker queries a name that leads to an answer with specific properties, a protobuf message might be generated that causes an exception. The code does not handle this exception correctly, causing a denial of service. Affected Software/OS: PowerDNS Recursor version 4.5.9 and prior, version 4.6.x through 4.6.2 and 4.7.x through 4.7.1. Solution: Update to version 4.5.10, 4.6.3, 4.7.2 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2022-37428 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXSREJKTT6RNE3GXQENQ4R4HS37UNSPX/ https://docs.powerdns.com/recursor/lua-config/protobuf.html https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-02.html
Copyright	Copyright (C) 2022 Greenbone Networks GmbH

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.