VuXML ID | Description |
f9c5a410-9b4e-11ea-ac3f-6805ca2fa271 | powerdns-recursor -- multiple vulnerabilities
PowerDNS Team reports:
CVE-2020-10995: An issue in the DNS protocol has been found that allow malicious parties to use
recursive DNS services to attack third party authoritative name servers. The attack uses a crafted
reply by an authoritative name server to amplify the resulting traffic between the recursive and
other authoritative name servers. Both types of service can suffer degraded performance as an effect.
CVE-2020-12244: An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in
the answer section of a NXDOMAIN response lacking an SOA were not properly validated in
SyncRes::processAnswer. This would allow an attacker in position of man-in-the-middle to send a
NXDOMAIN answer for a name that does exist, bypassing DNSSEC validation.
CVE-2020-10030: An issue has been found in PowerDNS Authoritative Server allowing an attacker
with enough privileges to change the system's hostname to cause disclosure of uninitialized memory
content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does
not null-terminate the returned string if the hostname is larger than the supplied buffer. Linux
systems are not affected because the buffer is always large enough. OpenBSD systems are not affected
because the returned hostname is always null-terminated. Under some conditions this issue can lead
to the writing of one null-byte out-of-bounds on the stack, causing a denial of service or possibly
arbitrary code execution.
Discovery 2020-05-19 Entry 2020-05-26 Modified 2020-05-29 powerdns-recursor
ge 4.3.0 lt 4.3.1
ge 4.2.0 lt 4.2.2
ge 4.1.0 lt 4.1.16
https://doc.powerdns.com/recursor/security-advisories/index.html
CVE-2020-10995
CVE-2020-12244
CVE-2020-10030
|
a6860b11-0dee-11eb-94ff-6805ca2fa271 | powerdns-recursor -- cache pollution
PowerDNS Team reports:
CVE-2020-25829: An issue has been found in PowerDNS Recursor where a
remote attacker can cause the cached records for a given name to be
updated to the âBogusâ DNSSEC validation state, instead of their actual
DNSSEC âSecureâ state, via a DNS ANY query. This results in a denial
of service for installations that always validate (dnssec=validate)
and for clients requesting validation when on-demand validation is
enabled (dnssec=process).
Discovery 2020-10-13 Entry 2020-10-14 powerdns-recursor
ge 4.3.0 lt 4.3.5
ge 4.2.0 lt 4.2.5
ge 4.1.0 lt 4.1.18
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html
CVE-2020-25829
|
641cd669-bc37-11ea-babf-6805ca2fa271 | powerdns-recursor -- access restriction bypass
PowerDNS Team reports:
CVE-2020-14196: An issue has been found in PowerDNS Recursor where the ACL applied to the internal
web server via webserver-allow-from is not properly enforced, allowing a remote attacker to send
HTTP queries to the internal web server, bypassing the restriction.
In the default configuration the API webserver is not enabled. Only installations using a
non-default value for webserver and webserver-address are affected.
Discovery 2020-07-01 Entry 2020-07-02 powerdns-recursor
ge 4.3.0 lt 4.3.2
ge 4.2.0 lt 4.2.3
ge 4.1.0 lt 4.1.17
https://doc.powerdns.com/recursor/security-advisories/index.html
CVE-2020-14196
|
5418b360-29cc-11ed-a6d4-6805ca2fa271 | powerdns-recursor -- denial of service
PowerDNS Team reports:
PowerDNS Security Advisory 2022-02: incomplete exception handling related to protobuf message generation.
Discovery 2022-08-23 Entry 2022-09-01 powerdns-recursor
< 4.7.2
< 4.6.3
< 4.5.10
CVE-2022-37428
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-02.html
|
5418b360-29cc-11ed-a6d4-6805ca2fa271 | powerdns-recursor -- denial of service
PowerDNS Team reports:
PowerDNS Security Advisory 2022-02: incomplete exception handling related to protobuf message generation.
Discovery 2022-08-23 Entry 2022-09-01 powerdns-recursor
< 4.7.2
< 4.6.3
< 4.5.10
CVE-2022-37428
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-02.html
|
5418b360-29cc-11ed-a6d4-6805ca2fa271 | powerdns-recursor -- denial of service
PowerDNS Team reports:
PowerDNS Security Advisory 2022-02: incomplete exception handling related to protobuf message generation.
Discovery 2022-08-23 Entry 2022-09-01 powerdns-recursor
< 4.7.2
< 4.6.3
< 4.5.10
CVE-2022-37428
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-02.html
|