PowerDNS Security Advisory 2008-03: Some PowerDNS Configurations can be forced to restart remotely

  • CVE: Not yet assigned
  • Date: 18th of November 2008
  • Affects: PowerDNS Authoritative Server 2.9.21.1 and earlier
  • Not affected: No versions of the PowerDNS Recursor (pdns_recursor) are affected. Versions not running in single threaded mode (distributor-threads=1) are probably not affected.
  • Severity: Moderate
  • Impact: Denial of Service
  • Exploit: Send PowerDNS an CH HINFO query.
  • Solution: Upgrade to PowerDNS Authoritative Server 2.9.21.2, or wait for 2.9.22.
  • Workaround: Remove distributor-threads=1 if this is set.

Daniel Drown discovered that his PowerDNS 2.9.21.1 installation crashed on receiving a HINFO CH query. In his enthusiasm, he shared his discovery with the world, forcing a rapid over the weekend release cycle.

While we thank Daniel for his discovery, please study our security policy as outlined in “Security” before making vulnerabilities public.

It is believed that this issue only impacts PowerDNS Authoritative Servers operating with distributor-threads=1, but even on other configurations a database reconnect occurs on receiving a CH HINFO query.