PowerDNS Security Advisory 2010-01: PowerDNS Recursor up to and including 22.214.171.124 can be brought down and probably exploited
- CVE: CVE-2009-4009
- Date: 6th of January 2010
- Affects: PowerDNS Recursor 126.96.36.199 and earlier
- Not affected: No versions of the PowerDNS Authoritative ('pdns_server') are affected.
- Severity: Critical
- Impact: Denial of Service, possible full system compromise
- Exploit: Withheld
- Solution: Upgrade to PowerDNS Recursor 188.8.131.52 or higher
- Workaround: None. The risk of exploitation or denial of service can be decreased slightly by using the
allow-fromsetting to only provide service to known users. The risk of a full system compromise can be reduced by running with a suitable reduced privilege user and group settings, and possibly chroot environment.
Using specially crafted packets, it is possible to force a buffer overflow in the PowerDNS Recursor, leading to a crash.
This vulnerability was discovered by a third party that (for now) prefers not to be named. PowerDNS is very grateful however for their help in improving PowerDNS security.