PT-2019-16733 · Powerdns+1 · Powerdns Recursor+1

George Thessalonikefs

Publicado

2019-01-23

Atualizado

2024-06-15

CVE-2019-3807

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PowerDNS Recursor versions 4.1.x through 4.1.8

Description An issue has been found where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.

Recommendations For PowerDNS Recursor versions 4.1.x through 4.1.8, update to version 4.1.9 or later to resolve the issue.

Correção

Insufficient Verification of Data Authenticity

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-345CWE-295

Identificadores relacionados

CVE-2019-3807

MGASA-2019-0051

OPENSUSE-SU-2019:0100-1

OPENSUSE-SU-2019:0107-1

OPENSUSE-SU-2019:0131-1

OPENSUSE-SU-2019_0100-1

OPENSUSE-SU-2024:11157-1

Produtos afetados

Powerdns Recursor

Suse

PT-2019-16733 · Powerdns+1 · Powerdns Recursor+1

CVE-2019-3807

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 40