PT-2018-5757 · Powerdns · Powerdns Recursor

Kees Monshouwer

Publicado

2018-01-23

Atualizado

2024-06-15

CVE-2017-15090

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: PowerDNS Recursor versions 4.0.0 through 4.0.6

Description: The issue is related to the DNSSEC validation component, where signatures might be accepted as valid even if the signed data is not in the bailiwick of the DNSKEY used to sign it. This could allow an attacker in a man-in-the-middle position to alter record content by issuing a valid signature for crafted records.

Recommendations: For PowerDNS Recursor versions 4.0.0 through 4.0.6, update to a version that includes the fix for this issue to prevent potential exploitation.

Correção

Improper Verification of Cryptographic Signature

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-347

Identificadores relacionados

CVE-2017-15090

OPENSUSE-SU-2024:11157-1

Produtos afetados

Powerdns Recursor

PT-2018-5757 · Powerdns · Powerdns Recursor

CVE-2017-15090

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 29