Published: 23/01/2018 Updated: 09/10/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.

Vulnerable Product	Search on Vulmon	Subscribe to Product
powerdns recursor

An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 400 up to and including 405, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a ...

Open source nameserver used by millions needs patching

The Register • Richard Chirgwin • 28 Nov 2017

PowerDNS admins, feel free to fix these DNSSEC bugs before something nasty happens

Open source DNS software vendor PowerDNS has advised users to patch its "Authoritative" and "Recursor" products, to squish five bugs disclosed today. None of the bugs pose a risk that PowerDNS might itself be compromised, but this is the DNS: what an attacker can do is fool around with DNS records in various ways. That can be catastrophic if done right: for example, if a network is tricked into advertising itself as the whole of the Internet, it can be hosed, or if the wrong network promises it'...

CVE-2017-15090

Vulnerability Summary

Vendor Advisories

Recent Articles

References

Vulmon Search

About

Products

Connect