Critical PowerDNS Vulnerabilities Let Attackers Gain Access to the Server Remotely
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Several significant security vulnerabilities have been identified and patched in PowerDNS, a widely used open-source nameserver known for its highperformance, flexibility, and scalability.
It serves as an alternative to traditional DNS solutions like BIND andis widely usedin both small-scale and large-scale DNS deployments.
These vulnerabilities, which affect both the PowerDNS Authoritative Server and PowerDNS Recursor, could expose systems to potential threats such as denial of service (DoS) attacks, arbitrary code execution, and data leaks.
The vulnerabilities impact multiple versions of Ubuntu, including Ubuntu 22.04 LTS, 20.04 LTS, 18.04 ESM, and 16.04 ESM . The affected packages are:
Vulnerabilities Details
Below is a detailed breakdown of the identified vulnerabilities:
CVE ID Description Impact Affected Components CVE-2018-1046 Memory management issue in PowerDNS Authoritative Server could allow attackers to execute arbitrary code.Arbitrary Code ExecutionAuthoritative Server CVE-2018-10851 Improper memory handling in PowerDNS Authoritative Server and Recursor could enable denial of service.Denial of Service (DoS)Authoritative Server, Recursor CVE-2018-14626 Flawed request validation after caching malformed input could lead to denial of service attacks.Denial of Service (DoS)Authoritative Server, Recursor CVE-2018-14644 Mishandling of cached malformed input in PowerDNS Recursor could cause denial of service.Denial of Service (DoS)Recursor CVE-2020-17482 Memory handling issue in PowerDNS Authoritative Server could expose sensitive information.Information DisclosureAuthoritative Server CVE-2022-27227 Insufficient validation of IXFR requests could result in incomplete zone transfers being treated as valid.Denial of Service (DoS)Authoritative Server, Recursor
This table provides a concise overview of the vulnerabilities, their potential impacts, and the affected components.
Users are strongly encouraged to update their systems to mitigate these vulnerabilities. The patched versions of the affected packages are available through Ubuntu Pro , a service providing extended security maintenance (ESM) and coverage for up to 25,000 packages in the Main and Universe repositories.
Updated Package Versions:
A standard system update will automatically apply these changes.
Enhancing Security with Ubuntu Pro
Ubuntu Pro is available for free on up to five machines, offering extended security coverage for ten years. The service ensures ongoing protection for a wide range of open-source packages, reducing your system’s exposure to vulnerabilities.
System administrators are advised to prioritize these updates to safeguard their systems. Exploiting the disclosed vulnerabilities could disrupt critical services or compromise sensitive data.
#Cyber_Security_News #Vulnerability #Vulnerability_News #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Critical PowerDNS Vulnerabilities Let Attackers Gain Access to the Server Remotely
Author: Balaji NSeveral significant security vulnerabilities have been identified and patched in PowerDNS, a widely used open-source nameserver known for its highperformance, flexibility, and scalability.
It serves as an alternative to traditional DNS solutions like BIND andis widely usedin both small-scale and large-scale DNS deployments.
These vulnerabilities, which affect both the PowerDNS Authoritative Server and PowerDNS Recursor, could expose systems to potential threats such as denial of service (DoS) attacks, arbitrary code execution, and data leaks.
The vulnerabilities impact multiple versions of Ubuntu, including Ubuntu 22.04 LTS, 20.04 LTS, 18.04 ESM, and 16.04 ESM . The affected packages are:
- pdns : Extremely powerful and versatile nameserver.
- pdns-recursor : PowerDNS Recursor, a DNS caching and resolving server.
Vulnerabilities Details
Below is a detailed breakdown of the identified vulnerabilities:
CVE ID Description Impact Affected Components CVE-2018-1046 Memory management issue in PowerDNS Authoritative Server could allow attackers to execute arbitrary code.Arbitrary Code ExecutionAuthoritative Server CVE-2018-10851 Improper memory handling in PowerDNS Authoritative Server and Recursor could enable denial of service.Denial of Service (DoS)Authoritative Server, Recursor CVE-2018-14626 Flawed request validation after caching malformed input could lead to denial of service attacks.Denial of Service (DoS)Authoritative Server, Recursor CVE-2018-14644 Mishandling of cached malformed input in PowerDNS Recursor could cause denial of service.Denial of Service (DoS)Recursor CVE-2020-17482 Memory handling issue in PowerDNS Authoritative Server could expose sensitive information.Information DisclosureAuthoritative Server CVE-2022-27227 Insufficient validation of IXFR requests could result in incomplete zone transfers being treated as valid.Denial of Service (DoS)Authoritative Server, Recursor
This table provides a concise overview of the vulnerabilities, their potential impacts, and the affected components.
Users are strongly encouraged to update their systems to mitigate these vulnerabilities. The patched versions of the affected packages are available through Ubuntu Pro , a service providing extended security maintenance (ESM) and coverage for up to 25,000 packages in the Main and Universe repositories.
Updated Package Versions:
- Ubuntu 22.04 LTS
- pdns-recursor: 4.6.0-1ubuntu1+esm1
- pdns-server: 4.5.3-1ubuntu0.1~esm1
- pdns-tools: 4.5.3-1ubuntu0.1~esm1
- Ubuntu 20.04 LTS
- pdns-recursor: 4.2.1-1ubuntu0.1~esm1
- pdns-server: 4.2.1-1ubuntu0.1~esm1
- pdns-tools: 4.2.1-1ubuntu0.1~esm1
- Ubuntu 18.04 ESM
- pdns-recursor: 4.1.1-2ubuntu0.1~esm1
- pdns-server: 4.1.1-1ubuntu0.1~esm1
- pdns-tools: 4.1.1-1ubuntu0.1~esm1
- Ubuntu 16.04 ESM
- pdns-recursor: 4.0.0~alpha2-2ubuntu0.1+esm1
- pdns-server: 4.0.0~alpha2-3ubuntu0.1~esm1
- pdns-tools: 4.0.0~alpha2-3ubuntu0.1~esm1
A standard system update will automatically apply these changes.
Enhancing Security with Ubuntu Pro
Ubuntu Pro is available for free on up to five machines, offering extended security coverage for ten years. The service ensures ongoing protection for a wide range of open-source packages, reducing your system’s exposure to vulnerabilities.
System administrators are advised to prioritize these updates to safeguard their systems. Exploiting the disclosed vulnerabilities could disrupt critical services or compromise sensitive data.
#Cyber_Security_News #Vulnerability #Vulnerability_News #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
