CVE-2017-15090
Published: 23 January 2018
An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
pdns-recursor Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
| bionic |
Not vulnerable
(4.1.1-2)
|
|
| cosmic |
Not vulnerable
(4.1.1-2)
|
|
| disco |
Not vulnerable
(4.1.1-2)
|
|
| eoan |
Not vulnerable
(4.1.1-2)
|
|
| focal |
Not vulnerable
(4.1.1-2)
|
|
| groovy |
Not vulnerable
(4.1.1-2)
|
|
| hirsute |
Not vulnerable
(4.1.1-2)
|
|
| impish |
Not vulnerable
(4.1.1-2)
|
|
| jammy |
Not vulnerable
(4.1.1-2)
|
|
| kinetic |
Not vulnerable
(4.1.1-2)
|
|
| lunar |
Not vulnerable
(4.1.1-2)
|
|
| mantic |
Not vulnerable
(4.1.1-2)
|
|
| trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
| upstream |
Released
(4.0.7-1)
|
|
| xenial |
Needed
|
|
| zesty |
Ignored
(end of life)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.9 |
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | High |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |