Candidate: CVE-2018-1000003
PublicDate: 2018-01-22 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000003
 https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-01.html
Description:
 Improper input validation bugs in DNSSEC validators components in PowerDNS
 version 4.1.0 allow attacker in man-in-the-middle position to deny
 existence of some data in DNS via packet replay.
Ubuntu-Description:
Notes:
 msalvatore> "Not affected: PowerDNS Recurosr < 4.1.0, 4.1.1"
Bugs:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L [3.7 LOW]


Patches_pdns-recursor:
upstream_pdns-recursor: released (4.1.1-1)
precise/esm_pdns-recursor: DNE
trusty_pdns-recursor: ignored (reached end-of-life)
trusty/esm_pdns-recursor: DNE (trusty was needs-triage)
xenial_pdns-recursor: not-affected (code not present)
artful_pdns-recursor: ignored (reached end-of-life)
bionic_pdns-recursor: not-affected (4.1.1-2)
cosmic_pdns-recursor: ignored (reached end-of-life)
disco_pdns-recursor: not-affected (4.1.1-2)
eoan_pdns-recursor: not-affected (4.1.1-2)
devel_pdns-recursor: not-affected (4.1.1-2)