
FreeBSD: VID-1C21F6A3-9415-11E9-95EC-6805CA2FA271 (CVE-2019-10163): powerdns -- multiple vulnerabilities

Severity: 4
CVSS: (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Published: Jun 21, 2019
Added: Jul 1, 2019
Modified: Aug 16, 2019

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-1C21F6A3-9415-11E9-95EC-6805CA2FA271:

PowerDNS Team reports:

CVE-2019-10162: An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.

CVE-2019-10163: An issue has been found in PowerDNS Authoritative Server allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.




Solution

freebsd-upgrade-package-powerdns