PowerDNS Recursor DoS Vulnerability (2023-01)

2023-01-2300:00:00

plugins.openvas.org

denial of service

remote attack

powerdns recursor

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

65.4%

JSON

PowerDNS Recursor is prone to a denial of service (DoS)
vulnerability.

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later

CPE = "cpe:/a:powerdns:recursor";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.118454");
  script_version("2023-10-13T05:06:10+0000");
  script_tag(name:"last_modification", value:"2023-10-13 05:06:10 +0000 (Fri, 13 Oct 2023)");
  script_tag(name:"creation_date", value:"2023-01-23 14:31:57 +0000 (Mon, 23 Jan 2023)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-01-31 17:24:00 +0000 (Tue, 31 Jan 2023)");

  script_cve_id("CVE-2023-22617");

  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("PowerDNS Recursor DoS Vulnerability (2023-01)");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Denial of Service");
  script_dependencies("pdns_version.nasl");
  script_mandatory_keys("powerdns/recursor/installed");

  script_tag(name:"summary", value:"PowerDNS Recursor is prone to a denial of service (DoS)
  vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"An issue in the processing of queries for misconfigured domains
  has been found in PowerDNS Recursor 4.8.0, allowing a remote attacker to crash the recursor by
  sending a DNS query for one of these domains. The issue happens because the recursor enters an
  unbounded loop, exceeding its stack memory. Because of the specific way in which this issue
  happens, the vendor does not believe this issue to be exploitable for code execution.

  Note: PowerDNS Recursor versions before 4.8.0 are not affected.

  Note that when the PowerDNS Recursor is run inside a supervisor like supervisord or systemd, a
  crash will lead to an automatic restart, limiting the impact to a somewhat degraded service.");

  script_tag(name:"affected", value:"PowerDNS Recursor version 4.8.0.");

  script_tag(name:"solution", value:"Update to version 4.8.1 or later.");

  script_xref(name:"URL", value:"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-01.html");

  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if( ! port = get_app_port( cpe:CPE ) )
  exit( 0 );

if( ! infos = get_app_version_and_proto( cpe:CPE, port:port ) )
  exit( 0 );

version = infos["version"];
proto = infos["proto"];

if( version_in_range_exclusive( version:version, test_version_lo:"4.8.0", test_version_up:"4.8.1" ) ) {
  report = report_fixed_ver( installed_version:version, fixed_version:"4.8.1" );
  security_message( port:port, proto:proto, data:report );
  exit( 0 );
}

exit( 99 );