CVE-2005-2301 - OpenCVE

PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Powerdns	Powerdns

Configuration 1 [-]

OR	cpe:2.3:a:powerdns:powerdns:2.9.0:::::::*
	cpe:2.3:a:powerdns:powerdns:2.9.1:::::::*
	cpe:2.3:a:powerdns:powerdns:2.9.2:::::::*
	cpe:2.3:a:powerdns:powerdns:2.9.3a:::::::*
	cpe:2.3:a:powerdns:powerdns:2.9.4:::::::*
	cpe:2.3:a:powerdns:powerdns:2.9.5:::::::*
	cpe:2.3:a:powerdns:powerdns:2.9.6:::::::*
	cpe:2.3:a:powerdns:powerdns:2.9.7:::::::*
	cpe:2.3:a:powerdns:powerdns:2.9.8:::::::*
	cpe:2.3:a:powerdns:powerdns:2.9.10:::::::*
	cpe:2.3:a:powerdns:powerdns:2.9.11:::::::*
	cpe:2.3:a:powerdns:powerdns:2.9.12:::::::*
	cpe:2.3:a:powerdns:powerdns:2.9.13:::::::*
	cpe:2.3:a:powerdns:powerdns:2.9.14:::::::*
	cpe:2.3:a:powerdns:powerdns:2.9.15:::::::*
	cpe:2.3:a:powerdns:powerdns:2.9.16:::::::*
	cpe:2.3:a:powerdns:powerdns:2.9.17:::::::*

No data.

References

Link	Providers
http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18
http://marc.info/?l=bugtraq&m=112155941310297&w=2
http://securitytracker.com/id?1014504
http://www.novell.com/linux/security/advisories/2005_19_sr.html
http://www.securityfocus.com/bid/14290

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-07-19T04:00:00

Updated: 2024-08-07T22:22:48.596Z

Reserved: 2005-07-19T00:00:00

Link: CVE-2005-2301

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-07-19T04:00:00.000

Modified: 2016-10-18T03:26:16.620

Link: CVE-2005-2301

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-07-16T00:00:00", "descriptions": [{"lang": "en", "value": "PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18"}, {"name": "SUSE-SR:2005:019", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"}, {"name": "20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=112155941310297&w=2"}, {"name": "1014504", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1014504"}, {"name": "14290", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/14290"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2301", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18", "refsource": "CONFIRM", "url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18"}, {"name": "SUSE-SR:2005:019", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"}, {"name": "20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=112155941310297&w=2"}, {"name": "1014504", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014504"}, {"name": "14290", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14290"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T22:22:48.596Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18"}, {"name": "SUSE-SR:2005:019", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"}, {"name": "20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=112155941310297&w=2"}, {"name": "1014504", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1014504"}, {"name": "14290", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/14290"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2301", "datePublished": "2005-07-19T04:00:00", "dateReserved": "2005-07-19T00:00:00", "dateUpdated": "2024-08-07T22:22:48.596Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C1E89A2-4993-4208-B67F-52B08A6F1BDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "B340CA64-2358-46E6-8F65-725B6ACE77D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "8ADBB8B1-C732-49BA-9270-F5551A9E2D0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.3a:*:*:*:*:*:*:*", "matchCriteriaId": "80C62126-2E61-4532-BFA2-D66FCCC8C9E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "4472A3D7-8E17-4D80-AA2D-724C74EEF9E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "07CDE603-2A52-4C6F-B6A3-563D516BB4C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "AC3E5668-9B66-4C80-8C38-6FF01C342182", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "BB793844-A30A-4F97-954B-690083E77430", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "B636157B-E627-4EF1-B6C2-640648C001D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "34EEA40F-CD68-4AE9-A305-402BFBEEA23B", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.11:*:*:*:*:*:*:*", "matchCriteriaId": "40FFBCCC-3595-4148-A3CD-28FD390FB786", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.12:*:*:*:*:*:*:*", "matchCriteriaId": "3B7722F1-D913-42A0-93EA-48140F47F221", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "16E26E04-71AA-4A00-B0EE-9A04A63ADBBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.14:*:*:*:*:*:*:*", "matchCriteriaId": "4A413F4D-123A-4AA6-A097-9900F9B39817", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.15:*:*:*:*:*:*:*", "matchCriteriaId": "4F03070D-C76A-4A31-AA0C-E32442EBE83B", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.16:*:*:*:*:*:*:*", "matchCriteriaId": "F2BE9083-C8DA-4CCB-AAA0-8E31A1C566D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.17:*:*:*:*:*:*:*", "matchCriteriaId": "11FC77A2-E464-4832-ADCD-68D66E7CB29E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack."}, {"lang": "es", "value": "PowerDNS anterior a la 2.9.18, cuando se ejecuta en LDAP, no escapa adecuadamente las peticiones LDAP, lo que permite que atacantes remotos causen una denegaci\u00f3n de servicio."}], "id": "CVE-2005-2301", "lastModified": "2016-10-18T03:26:16.620", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-07-19T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=112155941310297&w=2"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014504"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/14290"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}