CVE-2021-36754 Scanner

CVE-2021-36754 Scanner - Denial of Service vulnerability in PowerDNS Authoritative Server

Short Info

Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 25 days 19 hours
Scan only one: Domain, Subdomain, IPv4

The PowerDNS Authoritative Server is widely used in network environments to manage and serve DNS queries. Developed and maintained by PowerDNS, a reputable entity in the DNS management landscape, this software is crucial for organizations aiming to efficiently manage domain name systems across various networked devices. Given its role, the stability and security of the PowerDNS Authoritative Server are paramount to network operations, ensuring that hosted domains are resolved accurately and promptly. The software provides an array of features including advanced forwarding, DNSSEC, and multi-tenancy, making it a preferred choice for enterprises and hosting providers. The server's high configurability extends its deployment options, from serving as a primary DNS server to handling complex DNS configurations. Security updates and patches are regularly released by PowerDNS to ensure robustness against emerging threats.

The Denial of Service (DoS) vulnerability affecting the PowerDNS Authoritative Server 4.5.0 to 4.5.1 involves the improper handling of DNS queries, particularly those with a specific QTYPE of 65535. An attacker exploiting this vulnerability can cause the server to crash, effectively taking it offline and disrupting DNS services. The vulnerability stems from an out-of-bounds exception triggered by the illegitimate query type, which the server software fails to process correctly. This vulnerability highlights the critical need for meticulous validation and error handling in software designed to face the public Internet. By manipulating the server into handling unexpected request types, attackers can degrade service availability without requiring authentication or elevated permissions. Remediation involves upgrading to a version that corrects the flawed processing logic, as outlined in PowerDNS's advisories.

Technically, the vulnerability exists within the server's query handling logic, where a specially crafted packet induces an out-of-bounds exception. The server has difficulty processing DNS requests with a QTYPE of 65535, a non-standard and unexpected query type. When an attacker sends such a query, the software malfunctions and ceases operation. The vulnerability specifically affects UDP-based communication, where query packets are most susceptible to causing a crash. The flaw is located in the server's DNS request processing module, where an oversight in exception handling permits this destabilizing behavior. Exploitation is feasible via the common DNS port (53) and requires only a network connection to the server. Later software versions close this oversight through improved query validation mechanisms.
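For monitoring, the condition described above can be recognised on the wire before it reaches the server. The following is an added example, not code from this page or from PowerDNS: it parses the question section of a UDP DNS payload and flags queries whose QTYPE is 65535. The function names and the sample payloads are assumptions constructed for illustration.

```python
import struct

SUSPECT_QTYPE = 65535  # the query type the page associates with the crash

def question_types(payload: bytes):
    """Return [(qname, qtype)] for each question in a DNS message.

    Raises ValueError on truncated or malformed input instead of guessing.
    """
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    qdcount = struct.unpack_from("!H", payload, 4)[0]
    pos, out = 12, []
    for _ in range(qdcount):
        labels = []
        while True:
            if pos >= len(payload):
                raise ValueError("truncated QNAME")
            n = payload[pos]
            pos += 1
            if n == 0:          # root label ends the name
                break
            if n > 63:          # pointer/reserved bits: not expected in a question
                raise ValueError("unexpected label type in question")
            if pos + n > len(payload):
                raise ValueError("truncated label")
            labels.append(payload[pos:pos + n].decode("ascii", "replace"))
            pos += n
        if pos + 4 > len(payload):
            raise ValueError("truncated QTYPE/QCLASS")
        qtype, _qclass = struct.unpack_from("!HH", payload, pos)
        pos += 4
        out.append((".".join(labels) + ".", qtype))
    return out

def is_suspect(payload: bytes) -> bool:
    """True for a query (QR bit clear) carrying a question with QTYPE 65535."""
    if len(payload) < 12 or payload[2] & 0x80:
        return False
    try:
        return any(qt == SUSPECT_QTYPE for _, qt in question_types(payload))
    except ValueError:
        return False  # malformed traffic is left to a separate alert

# Constructed sample payloads (not captured traffic): header + one question.
HDR = bytes.fromhex("1a2b01000001000000000000")   # id, flags=RD, QDCOUNT=1
QNAME = b"\x07example\x03com\x00"
SAMPLE_A = HDR + QNAME + b"\x00\x01\x00\x01"       # ordinary A/IN query
SAMPLE_65535 = HDR + QNAME + b"\xff\xff\x00\x01"   # QTYPE 65535
```

Fed with UDP port 53 payloads from a capture or a tap in front of the authoritative server, `is_suspect` gives a per-packet signal that can be counted per source address.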

When exploited, this vulnerability enables attackers to execute a Denial of Service attack against systems running vulnerable versions of PowerDNS Authoritative Server. Such an attack results in a complete stoppage of DNS resolution services provided by the affected server, impacting any domain names reliant upon it. The failure to resolve domain names can disrupt web services, email systems, and other network-dependent functionalities, leading to operational downtime and potential loss of business continuity. Systems of affected entities might experience prolonged outages, adversely affecting trust and reliability metrics. As the server becomes unresponsive, internal and external services depending on domain resolution are unable to function, causing widespread connectivity issues. Remediation involves deploying updated software versions that rectify the faulty request handling mechanism.
