PT-2018-5757 · Powerdns · Powerdns Recursor

Kees Monshouwer

Published

2018-01-23

Updated

2024-06-15

CVE-2017-15090

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: PowerDNS Recursor versions 4.0.0 through 4.0.6

Description: The issue is related to the DNSSEC validation component, where signatures might be accepted as valid even if the signed data is not in the bailiwick of the DNSKEY used to sign it. This could allow an attacker in a man-in-the-middle position to alter record content by issuing a valid signature for crafted records.

Recommendations: For PowerDNS Recursor versions 4.0.0 through 4.0.6, update to a version that includes the fix for this issue to prevent potential exploitation.

Fix

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347

Related Identifiers

CVE-2017-15090

OPENSUSE-SU-2024:11157-1

Affected Products

Powerdns Recursor

PT-2018-5757 · Powerdns · Powerdns Recursor

CVE-2017-15090

Weakness Enumeration

Related Identifiers

Affected Products

References · 29