An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/101982 | Third Party Advisory VDB Entry |
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html | Patch Vendor Advisory |
http://www.securityfocus.com/bid/101982 | Third Party Advisory VDB Entry |
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html | Patch Vendor Advisory |
Configurations
History
21 Nov 2024, 03:14
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/101982 - Third Party Advisory, VDB Entry | |
References | () https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html - Patch, Vendor Advisory |
Information
Published : 2018-01-23 15:29
Updated : 2024-11-21 03:14
NVD link : CVE-2017-15090
Mitre link : CVE-2017-15090
CVE.ORG link : CVE-2017-15090
JSON object : View
Products Affected
powerdns
- recursor
CWE
CWE-347
Improper Verification of Cryptographic Signature