Candidate: CVE-2016-7072
PublicDate: 2018-09-10 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072
 https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/
Description:
 An issue has been found in PowerDNS Authoritative Server before 3.4.11 and
 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of
 service by opening a large number of TCP connections to the web server. If
 the web server runs out of file descriptors, it triggers an exception and
 terminates the whole PowerDNS process. While it's more complicated for an
 unauthorized attacker to make the web server run out of file descriptors
 since its connection will be closed just after being accepted, it might
 still be possible.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_pdns:
upstream_pdns: released (4.0.2-1)
precise_pdns: ignored (reached end-of-life)
precise/esm_pdns: DNE (precise was needs-triage)
trusty_pdns: ignored (reached end-of-life)
trusty/esm_pdns: DNE (trusty was needed)
vivid/stable-phone-overlay_pdns: DNE
vivid/ubuntu-core_pdns: DNE
xenial_pdns: ignored (end of standard support, was needed)
yakkety_pdns: ignored (reached end-of-life)
zesty_pdns: ignored (reached end-of-life)
artful_pdns: ignored (reached end-of-life)
bionic_pdns: not-affected (4.0.2-1)
cosmic_pdns: not-affected (4.0.2-1)
disco_pdns: not-affected (4.0.2-1)
eoan_pdns: not-affected (4.0.2-1)
focal_pdns: not-affected (4.0.2-1)
groovy_pdns: not-affected (4.0.2-1)
hirsute_pdns: not-affected (4.0.2-1)
impish_pdns: not-affected (4.0.2-1)
jammy_pdns: not-affected (4.0.2-1)
devel_pdns: not-affected (4.0.2-1)