Vulnerability Details CVE-2005-2301
PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18
- http://marc.info/?l=bugtraq&m=112155941310297&w=2
- http://securitytracker.com/id?1014504
- http://www.novell.com/linux/security/advisories/2005_19_sr.html
- http://www.securityfocus.com/bid/14290
- http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18
- http://marc.info/?l=bugtraq&m=112155941310297&w=2
- http://securitytracker.com/id?1014504
- http://www.novell.com/linux/security/advisories/2005_19_sr.html
- http://www.securityfocus.com/bid/14290
Products affected by CVE-2005-2301
-
cpe:2.3:a:powerdns:powerdns:2.9.0
-
cpe:2.3:a:powerdns:powerdns:2.9.1
-
cpe:2.3:a:powerdns:powerdns:2.9.10
-
cpe:2.3:a:powerdns:powerdns:2.9.11
-
cpe:2.3:a:powerdns:powerdns:2.9.12
-
cpe:2.3:a:powerdns:powerdns:2.9.13
-
cpe:2.3:a:powerdns:powerdns:2.9.14
-
cpe:2.3:a:powerdns:powerdns:2.9.15
-
cpe:2.3:a:powerdns:powerdns:2.9.16
-
cpe:2.3:a:powerdns:powerdns:2.9.17
-
cpe:2.3:a:powerdns:powerdns:2.9.2
-
cpe:2.3:a:powerdns:powerdns:2.9.3a
-
cpe:2.3:a:powerdns:powerdns:2.9.4
-
cpe:2.3:a:powerdns:powerdns:2.9.5
-
cpe:2.3:a:powerdns:powerdns:2.9.6
-
cpe:2.3:a:powerdns:powerdns:2.9.7
-
cpe:2.3:a:powerdns:powerdns:2.9.8