PowerDNS Security Advisory 2006-02: Zero second CNAME TTLs can make PowerDNS exhaust allocated stack space, and crash

  • CVE: CVE-2006-4252
  • Date: 13th of November 2006
  • Affects: PowerDNS Recursor versions 3.1.3 and earlier, on all operating systems.
  • Not affected: No versions of the PowerDNS Authoritative Server (‘pdns_server’) are affected.
  • Severity: Moderate
  • Impact: Denial of service
  • Exploit: This problem can be triggered by sending queries for specifically configured domains
  • Solution: Upgrade to PowerDNS Recursor 3.1.4, or apply commit 919.
  • Workaround: None known. Exposure can be limited by configuring the allow-from setting so only trusted users can query your nameserver.

PowerDNS would recurse endlessly on encountering a CNAME loop consisting entirely of zero second CNAME records, eventually exceeding resources and crashing.