Vulnerability Description
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Powerdns | Authoritative Server | <= 2.9.21 |
| Powerdns | Powerdns | All versions |
Related Weaknesses (CWE)
References
- http://doc.powerdns.com/changelog.html
- http://doc.powerdns.com/powerdns-advisory-2008-02.html
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
- http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.htmlPatch
- http://secunia.com/advisories/31401
- http://secunia.com/advisories/31407Vendor Advisory
- http://secunia.com/advisories/31448
- http://secunia.com/advisories/31687
- http://secunia.com/advisories/33264
- http://security.gentoo.org/glsa/glsa-200812-19.xml
- http://www.securityfocus.com/bid/30587
- http://www.vupen.com/english/advisories/2008/2320
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44253
- https://www.debian.org/security/2008/dsa-1628
- https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.htm
FAQ
What is CVE-2008-3337?
CVE-2008-3337 is a vulnerability with a CVSS score of 6.4 (MEDIUM). PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issu...
How severe is CVE-2008-3337?
CVE-2008-3337 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3337?
Check the references section above for vendor advisories and patch information. Affected products include: Powerdns Authoritative Server, Powerdns Powerdns.