Table 1.5. PowerDNS Security Advisory
CVE | Not yet assigned |
Date | 18th of November 2008 |
Affects | PowerDNS Authoritative Server 2.9.21.1 and earlier |
Not affected | No versions of the PowerDNS Recursor ('pdns_recursor') are affected. Versions not running in single threaded mode ('distributor-threads=1') are probably not affected. |
Severity | Moderate |
Impact | Denial of Service |
Exploit | Send PowerDNS a CH HINFO query. |
Solution | Upgrade to PowerDNS Authoritative Server 2.9.21.2, or wait for 2.9.22. |
Workaround | Remove 'distributor-threads=1' if this is set. |
Daniel Drown discovered that his PowerDNS 2.9.21.1 installation crashed on receiving a HINFO CH query. In his enthusiasm, he shared his discovery with the world, forcing a rapid, over-the-weekend release cycle.
While we thank Daniel for his discovery, please study our security policy as outlined in Section 4, “Security” before making vulnerabilities public.
It is believed that this issue only impacts PowerDNS Authoritative Servers operating with 'distributor-threads=1', but even on other configurations a database reconnect occurs on receiving a CH HINFO query.
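To triage an installation against this advisory, the following added example (not PowerDNS code) combines the affected-version boundary with the 'distributor-threads=1' condition described above. The function names, the status strings, and the sample configuration are assumptions made for illustration; the configuration is parsed as plain 'key=value' lines with '#' comments.

```python
import re

FIXED = (2, 9, 21, 2)  # first fixed release named in the advisory


def parse_version(text):
    """Turn '2.9.21.1' into (2, 9, 21, 1); trailing non-numeric text is ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % text)
    return tuple(int(part) for part in m.group(0).split("."))


def parse_conf(text):
    """Parse 'key=value' lines; '#' starts a comment."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()  # assumption: last occurrence wins
    return settings


def assess(version, conf_text):
    """Classify an Authoritative Server install against this advisory."""
    if parse_version(version) >= FIXED:
        return "fixed"
    threads = parse_conf(conf_text).get("distributor-threads")
    if threads == "1":
        # Affected version in single threaded mode: upgrade, or remove the setting.
        return "vulnerable"
    # Crash not expected, but a database reconnect still occurs on a CH HINFO query.
    return "probably-not-affected"


# Constructed sample configuration, not taken from a real deployment.
SAMPLE_CONF = """\
launch=gmysql
# single threaded mode
distributor-threads = 1
"""

if __name__ == "__main__":
    for v in ("2.9.21.1", "2.9.21.2", "2.9.22"):
        print(v, assess(v, SAMPLE_CONF))
```
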