6.4

CVE-2008-3337

PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PowerdnsAuthoritative Server Version <= 2.9.21
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.12% 0.925
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:N/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://secunia.com/advisories/31687
http://doc.powerdns.com/changelog.html
http://doc.powerdns.com/powerdns-advisory-2008-02.html
http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html
Patch
http://secunia.com/advisories/31401
http://secunia.com/advisories/31407
Vendor Advisory
http://secunia.com/advisories/31448
http://secunia.com/advisories/33264
http://security.gentoo.org/glsa/glsa-200812-19.xml
http://www.securityfocus.com/bid/30587
http://www.vupen.com/english/advisories/2008/2320
https://exchange.xforce.ibmcloud.com/vulnerabilities/44253
https://www.debian.org/security/2008/dsa-1628
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html