PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service (“performance degradations”) via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8601
Reference (s):
- BID:71545
- URL: http://www.securityfocus.com/bid/71545
- CERT-VN:VU#264212
- URL: http://www.kb.cert.org/vuls/id/264212
- http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/