Published: 11/09/2018 Updated: 09/10/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

An issue has been found in PowerDNS prior to 3.4.11 and 4.0.2, and PowerDNS recursor prior to 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
powerdns recursor
powerdns authoritative
debian debian linux 8.0

Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-2120 Mathieu Lafon discovered that pdns does not properly validate records in zones An authorized user can take advantage of this flaw to crash server by inser ...

An issue has been found in PowerDNS Authoritative Server and PowerDNS Recursor allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures A missing check of the TSIG time and fudge values in AXFRRetriever, leading to a possible replay attack ...

CWE-20 https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7073 https://www.debian.org/security/2017/dsa-3764 https://nvd.nist.gov https://www.debian.org/security/./dsa-3764

CVE-2016-7073

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect