pdns/recursordist/docs/security-advisories/powerdns-advisory-2020-03.rst

   1 PowerDNS Security Advisory 2020-03: Information disclosure
   2 ==========================================================
   3
   4 -  CVE: CVE-2020-10030
   5 -  Date: May 19th 2020
   6 -  Affects: PowerDNS Recursor from 4.1.0 up to and including 4.3.0
   7 -  Not affected: 4.3.1, 4.2.2, 4.1.16
   8 -  Severity: Low
   9 -  Impact: Information Disclosure, Denial of Service
  10 -  Exploit: This problem can be triggered via a crafted hostname
  11 -  Risk of system compromise: No
  12 -  Solution: Upgrade to a non-affected version
  13 -  Workaround: None
  14
  15 An issue has been found in PowerDNS Authoritative Server allowing an
  16 attacker with enough privileges to change the system's hostname to
  17 cause disclosure of uninitialized memory content via a stack-based
  18 out-of-bounds read.
  19 It only occurs on systems where gethostname() does not null-terminate
  20 the returned string if the hostname is larger than the supplied buffer.
  21 Linux systems are not affected because the buffer is always large enough.
  22 OpenBSD systems are not affected because the returned hostname is always
  23 null-terminated.
  24 Under some conditions this issue can lead to the writing of one null-byte
  25 out-of-bounds on the stack, causing a denial of service or possibly
  26 arbitrary code execution.
  27
  28 This issue has been assigned CVE-2020-10030.
  29
  30 PowPowerDNS Recursor from 4.1.0 up to and including 4.3.0 is affected.
  31
  32 Please note that at the time of writing, PowerDNS Authoritative 4.0 and
  33 below are no longer supported, as described in
  34 https://doc.powerdns.com/authoritative/appendices/EOL.html.
  35
  36 We would like to thank Valentei Sergey for finding and subsequently
  37 reporting this issue!
  38