FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

powerdns -- Various issues in GSS-TSIG support

Affected packages
powerdns < 4.4.0

Details

VuXML ID 61d89849-43cb-11eb-aba5-00a09858faf5
Discovery 2020-08-27
Entry 2020-12-21

PowerDNS developers report:

A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature.

A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature.

A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution by sending crafted queries with a GSS-TSIG signature.

[source]

References

CVE Name CVE-2020-24696
CVE Name CVE-2020-24697
CVE Name CVE-2020-24698
URL https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.