Upstream information
Description
An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 6.4 |
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | None |
| National Vulnerability Database | |
|---|---|
| Base Score | 9.8 |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
| CVSSv3 Version | 3 |
SUSE Security Advisories:
- openSUSE-SU-2019:0100-1, published Fri Dec 8 15:49:00 2023
- openSUSE-SU-2019:0107-1, published Fri Dec 8 15:49:00 2023
- openSUSE-SU-2019:0131-1, published Fri Dec 8 15:48:41 2023
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Package Hub 12 SP1 |
| Patchnames: openSUSE-2019-131 |
| SUSE Package Hub 15 |
| Patchnames: openSUSE-2019-107 |
| openSUSE Leap 15.0 |
| Patchnames: openSUSE-2019-100 |
| openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA pdns-recursor-4.5.5-1.3 |
SUSE Timeline for this CVE
CVE page created: Tue Jan 15 20:31:44 2019CVE page last modified: Wed Apr 17 17:11:09 2024