CVE-2008-3337 - Vulnerability Details - OpenCVE

PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Powerdns	Authoritative Server Powerdns

Configuration 1 [-]

OR	cpe:2.3:a:powerdns:authoritative_server::::::::
	cpe:2.3:a:powerdns:powerdns::::::::

No data.

References

Link	Providers
http://doc.powerdns.com/changelog.html
http://doc.powerdns.com/powerdns-advisory-2008-02.html
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html
http://secunia.com/advisories/31401
http://secunia.com/advisories/31407
http://secunia.com/advisories/31448
http://secunia.com/advisories/31687
http://secunia.com/advisories/33264
http://security.gentoo.org/glsa/glsa-200812-19.xml
http://www.securityfocus.com/bid/30587
http://www.vupen.com/english/advisories/2008/2320
https://exchange.xforce.ibmcloud.com/vulnerabilities/44253
https://www.debian.org/security/2008/dsa-1628
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-08-08T19:00:00

Updated: 2024-08-07T09:37:26.688Z

Reserved: 2008-07-27T00:00:00

Link: CVE-2008-3337

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-08-08T19:41:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-3337

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-08-06T00:00:00", "descriptions": [{"lang": "en", "value": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SUSE-SR:2008:017", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"}, {"name": "FEDORA-2008-7048", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"}, {"name": "31401", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31401"}, {"name": "30587", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30587"}, {"name": "31687", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31687"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://doc.powerdns.com/changelog.html"}, {"name": "31448", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31448"}, {"name": "DSA-1628", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2008/dsa-1628"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"}, {"name": "33264", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33264"}, {"name": "FEDORA-2008-7083", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"}, {"name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"}, {"name": "powerdns-query-weak-security(44253)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"}, {"name": "GLSA-200812-19", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"}, {"name": "31407", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31407"}, {"name": "ADV-2008-2320", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2320"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3337", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SR:2008:017", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"}, {"name": "FEDORA-2008-7048", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"}, {"name": "31401", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31401"}, {"name": "30587", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30587"}, {"name": "31687", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31687"}, {"name": "http://doc.powerdns.com/changelog.html", "refsource": "CONFIRM", "url": "http://doc.powerdns.com/changelog.html"}, {"name": "31448", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31448"}, {"name": "DSA-1628", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2008/dsa-1628"}, {"name": "http://doc.powerdns.com/powerdns-advisory-2008-02.html", "refsource": "CONFIRM", "url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"}, {"name": "33264", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33264"}, {"name": "FEDORA-2008-7083", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"}, {"name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released", "refsource": "MLIST", "url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"}, {"name": "powerdns-query-weak-security(44253)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"}, {"name": "GLSA-200812-19", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"}, {"name": "31407", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31407"}, {"name": "ADV-2008-2320", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2320"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:37:26.688Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SR:2008:017", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"}, {"name": "FEDORA-2008-7048", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"}, {"name": "31401", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31401"}, {"name": "30587", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30587"}, {"name": "31687", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31687"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://doc.powerdns.com/changelog.html"}, {"name": "31448", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31448"}, {"name": "DSA-1628", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2008/dsa-1628"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"}, {"name": "33264", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33264"}, {"name": "FEDORA-2008-7083", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"}, {"name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"}, {"name": "powerdns-query-weak-security(44253)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"}, {"name": "GLSA-200812-19", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"}, {"name": "31407", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31407"}, {"name": "ADV-2008-2320", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2320"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3337", "datePublished": "2008-08-08T19:00:00", "dateReserved": "2008-07-27T00:00:00", "dateUpdated": "2024-08-07T09:37:26.688Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "25F615C5-BE99-4CAF-AE71-30A9B4CE747F", "versionEndIncluding": "2.9.21", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:powerdns:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDF235AA-7A2C-4223-AB14-A30058546EF1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217."}, {"lang": "es", "value": "PowerDNS Authoritative Server versiones anteriores a 2.9.21.1 descarga peticiones malformadas, lo cual puede hacer m\u00e1s f\u00e1cil a atacantes remotos envenenar cach\u00e9s DNS de otros productos ejecut\u00e1ndose en otros servidores, una cuesti\u00f3n diferente a CVE-2008-1447 y CVE-2008-3217."}], "id": "CVE-2008-3337", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-08-08T19:41:00.000", "references": [{"source": "cve@mitre.org", "url": "http://doc.powerdns.com/changelog.html"}, {"source": "cve@mitre.org", "url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31401"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31407"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31448"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31687"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/33264"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30587"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2320"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2008/dsa-1628"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://doc.powerdns.com/changelog.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31401"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31407"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31448"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31687"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33264"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30587"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2320"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2008/dsa-1628"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}