Published: 09/11/2018 Updated: 09/10/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail.

Vulnerable Product	Search on Vulmon	Subscribe to Product
powerdns recursor

Debian Bug report logs - #913162 CVE-2018-10851 CVE-2018-14626 CVE-2018-14644 Package: pdns-recursor; Maintainer for pdns-recursor is pdns-recursor packagers <pdns-recursor@packagesdebianorg>; Source for pdns-recursor is src:pdns-recursor (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: ...

An issue has been found in PowerDNS Recursor before 415 where a remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of th ...

CWE-20 https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14644 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162 https://nvd.nist.gov https://security.archlinux.org/CVE-2018-14644

CVE-2018-14644

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect