Vulnerability News
sysops

Several significant security vulnerabilities have been identified and patched in PowerDNS, a widely used open-source nameserver known for its high performance, flexibility, and scalability.

It serves as an alternative to traditional DNS solutions like BIND and is widely used in both small-scale and large-scale DNS deployments.

These vulnerabilities, which affect both the PowerDNS Authoritative Server and PowerDNS Recursor, could expose systems to potential threats such as denial of service (DoS) attacks, arbitrary code execution, and data leaks.

The vulnerabilities impact multiple versions of Ubuntu, including Ubuntu 22.04 LTS, 20.04 LTS, 18.04 ESM, and 16.04 ESM. The affected packages are:

pdns: Extremely powerful and versatile nameserver.

pdns-recursor: PowerDNS Recursor, a DNS caching and resolving server.

Vulnerabilities Details

Below is a detailed breakdown of the identified vulnerabilities:

CVE IDDescriptionImpactAffected ComponentsCVE-2018-1046Memory management issue in PowerDNS Authoritative Server could allow attackers to execute arbitrary code.Arbitrary Code ExecutionAuthoritative ServerCVE-2018-10851Improper memory handling in PowerDNS Authoritative Server and Recursor could enable denial of service.Denial of Service (DoS)Authoritative Server, RecursorCVE-2018-14626Flawed request validation after caching malformed input could lead to denial of service attacks.Denial of Service (DoS)Authoritative Server, RecursorCVE-2018-14644Mishandling of cached malformed input in PowerDNS Recursor could cause denial of service.Denial of Service (DoS)RecursorCVE-2020-17482Memory handling issue in PowerDNS Authoritative Server could expose sensitive information.Information DisclosureAuthoritative ServerCVE-2022-27227Insufficient validation of IXFR requests could result in incomplete zone transfers being treated as valid.Denial of Service (DoS)Authoritative Server, Recursor

This table provides a concise overview of the vulnerabilities, their potential impacts, and the affected components.

Users are strongly encouraged to update their systems to mitigate these vulnerabilities. The patched versions of the affected packages are available through Ubuntu Pro, a service providing extended security maintenance (ESM) and coverage for up to 25,000 packages in the Main and Universe repositories.

Updated Package Versions:

Ubuntu 22.04 LTS

pdns-recursor: 4.6.0-1ubuntu1+esm1

pdns-server: 4.5.3-1ubuntu0.1~esm1

pdns-tools: 4.5.3-1ubuntu0.1~esm1

Ubuntu 20.04 LTS

pdns-recursor: 4.2.1-1ubuntu0.1~esm1

pdns-server: 4.2.1-1ubuntu0.1~esm1

pdns-tools: 4.2.1-1ubuntu0.1~esm1

Ubuntu 18.04 ESM

pdns-recursor: 4.1.1-2ubuntu0.1~esm1

pdns-server: 4.1.1-1ubuntu0.1~esm1

pdns-tools: 4.1.1-1ubuntu0.1~esm1

Ubuntu 16.04 ESM

pdns-recursor: 4.0.0~alpha2-2ubuntu0.1+esm1

pdns-server: 4.0.0~alpha2-3ubuntu0.1~esm1

pdns-tools: 4.0.0~alpha2-3ubuntu0.1~esm1

A standard system update will automatically apply these changes.

Enhancing Security with Ubuntu Pro

Ubuntu Pro is available for free on up to five machines, offering extended security coverage for ten years. The service ensures ongoing protection for a wide range of open-source packages, reducing your system’s exposure to vulnerabilities.

System administrators are advised to prioritize these updates to safeguard their systems. Exploiting the disclosed vulnerabilities could disrupt critical services or compromise sensitive data.

Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates

Related Posts

Cybersecurity researchers at EXPMON have uncovered an intriguing “zero-day behavior” in PDF samples that could potentially be exploited by attackers…

A critical security vulnerability has been identified in Dell’s Update Package (DUP) Framework, potentially exposing systems to privilege escalation and…

Google Security researchers have disclosed a critical vulnerability, tagged as CVE-2024-49415, affecting Samsung smartphones last year and reported to Samsung…