Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
PowerDNS Authoritative Server Multiple Vulnerabilities (2020-06)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
PowerDNS Authoritative Server is prone to multiple vulnerabilities in the GSS-TSIG support.
Insight
Insight
The following vulnerabilities exist: - A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature (CVE-2020-24696) - A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature (CVE-2020-24697) - A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution by sending crafted queries with a GSS-TSIG signature (CVE-2020-24698)
Affected Software
Affected Software
PowerDNS Authoritative prior to version 4.4.0.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Update to version 4.4.0 or later.