CVE-2016-6172 — MEDIUM (6.8)

Q: How severe is CVE-2016-6172?

CVE-2016-6172 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-6172?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Leap, Opensuse Opensuse, Powerdns Authoritative Server.

Vulnerability Description

PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.

CVSS Score

6.8

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Opensuse	Leap	42.1
Opensuse	Opensuse	13.2
Powerdns	Authoritative Server	<= 4.0.0

Related Weaknesses (CWE)

CWE-400

References

http://lists.opensuse.org/opensuse-updates/2016-08/msg00085.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3664
http://www.openwall.com/lists/oss-security/2016/07/06/3Mailing List
http://www.securityfocus.com/bid/91678
http://www.securitytracker.com/id/1036242
https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-401Release Notes
https://github.com/PowerDNS/pdns/issues/4128Issue Tracking
https://github.com/PowerDNS/pdns/issues/4133Issue Tracking
https://github.com/PowerDNS/pdns/pull/4134Issue Tracking
https://github.com/sischkg/xfer-limit/blob/master/README.mdPatch
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-08/msg00085.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3664
http://www.openwall.com/lists/oss-security/2016/07/06/3Mailing List
http://www.securityfocus.com/bid/91678

FAQ

What is CVE-2016-6172?

CVE-2016-6172 is a vulnerability with a CVSS score of 6.8 (MEDIUM). PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR...

How severe is CVE-2016-6172?

CVE-2016-6172 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-6172?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Leap, Opensuse Opensuse, Powerdns Authoritative Server.