- CVE: CVE-2016-5426, CVE-2016-5427
- Date: 9th of September 2016
- Credit: Florian Heinz and Martin Kluge
- Affects: PowerDNS Authoritative Server up to and including 3.4.9
- Not affected: PowerDNS Authoritative Server 3.4.10, 4.x
- Severity: Medium
- Impact: Degraded service or Denial of service
- Exploit: This problem can be triggered by sending specially crafted query packets
- Risk of system compromise: No
- Solution: Upgrade to a non-affected version
- Workaround: Run dnsdist with the rules provided below in front of potentially affected servers, or dimension the backend capacity so that it can handle the increased load.
PowerDNS Security Advisory 2016-01: Crafted queries can cause unexpected backend load
March 20, 2017, 5:52 a.m. Posted by: aka56PowerDNS Security Advisory 2016-01: Crafted queries can cause unexpected backend load
Selengkapnya dapat dibaca disini.