CVE-2017-15090
Published: 23 January 2018
An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where signatures might have been accepted as valid even if the signed data was not in the bailiwick of the DNSKEY used to sign it. This allows an attacker in a man-in-the-middle position to alter the content of records by issuing a valid signature for the crafted records.
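The bailiwick condition described above, as an added example that is not PowerDNS code: before a signature is verified, the RRSIG signer name must be the owner name of the signed RRset or one of its ancestors, compared label by label. The function names, zone names and key tags are constructed for illustration, and names are assumed to contain no escaped dots.

```python
# Added example: names and records below are constructed for illustration.

def labels(name: str) -> list[str]:
    """Split a DNS name into lowercase labels; the root name is []."""
    if name.endswith("."):
        name = name[:-1]
    if not name:
        return []
    parts = name.lower().split(".")  # assumption: no escaped dots in labels
    if any(p == "" for p in parts):
        raise ValueError(f"empty label in {name!r}")
    return parts


def signer_in_bailiwick(owner: str, signer: str) -> bool:
    """True if signer is the owner name or one of its ancestors."""
    o, s = labels(owner), labels(signer)
    # Compare whole labels from the right; a raw string suffix test would
    # wrongly accept owner 'www.badexample.com' for signer 'example.com'.
    return len(s) <= len(o) and o[len(o) - len(s):] == s


def usable_rrsigs(owner: str, rrsigs: list[dict]) -> list[dict]:
    """Keep only RRSIGs whose signer name may sign this owner name.
    Cryptographic verification against the DNSKEY still has to follow."""
    return [sig for sig in rrsigs if signer_in_bailiwick(owner, sig["signer"])]


# Constructed RRSIG metadata for the RRset owned by www.example.com.
SAMPLE_RRSIGS = [
    {"signer": "Example.COM.", "key_tag": 11111},          # parent zone: accepted
    {"signer": "attacker.test.", "key_tag": 22222},        # unrelated zone: rejected
    {"signer": "sub.www.example.com.", "key_tag": 33333},  # below owner: rejected
]

if __name__ == "__main__":
    for sig in usable_rrsigs("www.example.com.", SAMPLE_RRSIGS):
        print("candidate for validation:", sig)
```

Passing this check is a precondition only: a signature from an in-bailiwick signer is still validated cryptographically against that zone's DNSKEY.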
Priority
Status
Package | Release | Status |
---|---|---|
pdns-recursor | artful | Ignored (end of life) |
pdns-recursor | bionic | Not vulnerable (4.1.1-2) |
pdns-recursor | cosmic | Not vulnerable (4.1.1-2) |
pdns-recursor | disco | Not vulnerable (4.1.1-2) |
pdns-recursor | eoan | Not vulnerable (4.1.1-2) |
pdns-recursor | focal | Not vulnerable (4.1.1-2) |
pdns-recursor | groovy | Not vulnerable (4.1.1-2) |
pdns-recursor | hirsute | Not vulnerable (4.1.1-2) |
pdns-recursor | impish | Not vulnerable (4.1.1-2) |
pdns-recursor | jammy | Not vulnerable (4.1.1-2) |
pdns-recursor | kinetic | Not vulnerable (4.1.1-2) |
pdns-recursor | lunar | Not vulnerable (4.1.1-2) |
pdns-recursor | mantic | Not vulnerable (4.1.1-2) |
pdns-recursor | trusty | Does not exist (trusty was not-affected [code not present]) |
pdns-recursor | upstream | Released (4.0.7-1) |
pdns-recursor | xenial | Needed |
pdns-recursor | zesty | Ignored (end of life) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.9 |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |