Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2301

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-2301
Last Modified 05 Sep 2008 04:51:24
Published 19 Jul 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2301

Summary

PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.

Vulnerable Systems

Application

  • Powerdns 2.9.0

  • Powerdns 2.9.1

  • Powerdns 2.9.10

  • Powerdns 2.9.11

  • Powerdns 2.9.12

  • Powerdns 2.9.13

  • Powerdns 2.9.14

  • Powerdns 2.9.15

  • Powerdns 2.9.16

  • Powerdns 2.9.17

  • Powerdns 2.9.2

  • Powerdns 2.9.3a

  • Powerdns 2.9.4

  • Powerdns 2.9.5

  • Powerdns 2.9.6

  • Powerdns 2.9.7

  • Powerdns 2.9.8


References

BUGTRAQ - 20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP

CONFIRM - http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18

BID - 14290

SUSE - SUSE-SR:2005:019

SECTRACK - 1014504


Last Updated: 27 May 2016 10:40:28