CVE-2005-2302

Properties

Published:
18.07.2005
Updated:
20.10.2005
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:L/AC:L/Au:NR/C:N/I:N/A:C/B:N) Approximated
    Product:
    PowerDNS: PowerDNS
    PowerDNS: PowerDNS
    PowerDNS: PowerDNS
    PowerDNS: PowerDNS
    PowerDNS: PowerDNS
    PowerDNS: PowerDNS
    PowerDNS: PowerDNS
    PowerDNS: PowerDNS
    PowerDNS: PowerDNS
    PowerDNS: PowerDNS
    PowerDNS: PowerDNS
    PowerDNS: PowerDNS
    PowerDNS: PowerDNS
    PowerDNS: PowerDNS
    PowerDNS: PowerDNS
    PowerDNS: PowerDNS
    PowerDNS: PowerDNS

    Vulnerability description

    PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a"blank out" of answers to those clients that are allowed to use recursion.

    References:

    BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=112155941310297&w=2
    http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18: http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18
    BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=112155941310297&w=2
    SECTRACK: http://securitytracker.com/id?1014504