When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.
{"id": "ALPINE:CVE-2017-15093", "vendorId": null, "type": "alpinelinux", "bulletinFamily": "unix", "title": "CVE-2017-15093", "description": "When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.", "published": "2018-01-23T15:29:00", "modified": "2019-10-09T23:24:00", "epss": [{"cve": "CVE-2017-15093", "epss": 0.00057, "percentile": 0.21697, "modified": "2023-06-23"}], "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 3.5}, "severity": "LOW", "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.6, "impactScore": 3.6}, "href": "https://security.alpinelinux.org/vuln/CVE-2017-15093", "reporter": "Alpine Linux Development Team", "references": [], "cvelist": ["CVE-2017-15093"], "immutableFields": [], "lastseen": "2023-06-23T15:26:21", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-201711-31"]}, {"type": "cve", "idList": ["CVE-2017-15093"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-15093"]}, {"type": "fedora", "idList": ["FEDORA:3AD2760D1C9C", "FEDORA:6EFE46076025", "FEDORA:A906F601DD76", "FEDORA:ADC626076F59"]}, {"type": "nessus", "idList": ["FEDORA_2017-1585789772.NASL", "FEDORA_2017-608B6F5945.NASL", "FEDORA_2017-81FE39AD9F.NASL", "OPENSUSE-2017-1339.NASL", "POWERDNS_RECURSOR_4_0_7_2017-06.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310140544", "OPENVAS:1361412562310873903", "OPENVAS:1361412562310873904", "OPENVAS:1361412562310873920", "OPENVAS:1361412562310874674"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-15090", "RH:CVE-2017-15093"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-15093"]}]}, "score": {"value": 5.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "archlinux", "idList": ["ASA-201711-31"]}, {"type": "cve", "idList": ["CVE-2017-15093"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-15093"]}, {"type": "fedora", "idList": ["FEDORA:3AD2760D1C9C", "FEDORA:6EFE46076025", "FEDORA:A906F601DD76", "FEDORA:ADC626076F59"]}, {"type": "nessus", "idList": ["FEDORA_2017-1585789772.NASL", "FEDORA_2017-608B6F5945.NASL", "FEDORA_2017-81FE39AD9F.NASL", "OPENSUSE-2017-1339.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310873903", "OPENVAS:1361412562310873904", "OPENVAS:1361412562310873920"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-15093"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2017-15093", "epss": "0.001040000", "percentile": "0.410020000", "modified": "2023-03-17"}], "vulnersScore": 5.8}, "_state": {"dependencies": 1687535159, "score": 1687534434, "epss": 0}, "_internal": {"score_hash": "0f2d13632ff1c17ccc4ea5ec3135dfe9"}, "affectedPackage": [{"OS": "Alpine", "OSVersion": "edge-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r0", "operator": "lt", "packageName": "pdns-recursor"}, {"OS": "Alpine", "OSVersion": "3.10-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r0", "operator": "lt", "packageName": "pdns-recursor"}, {"OS": "Alpine", "OSVersion": "3.11-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r0", "operator": "lt", "packageName": "pdns-recursor"}, {"OS": "Alpine", "OSVersion": "3.12-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r0", "operator": "lt", "packageName": "pdns-recursor"}, {"OS": "Alpine", "OSVersion": "3.13-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r0", "operator": "lt", "packageName": "pdns-recursor"}, {"OS": "Alpine", "OSVersion": "3.14-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r0", "operator": "lt", "packageName": "pdns-recursor"}, {"OS": "Alpine", "OSVersion": "3.15-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r0", "operator": "lt", "packageName": "pdns-recursor"}, {"OS": "Alpine", "OSVersion": "3.16-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r0", "operator": "lt", "packageName": "pdns-recursor"}, {"OS": "Alpine", "OSVersion": "3.17-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r0", "operator": "lt", "packageName": "pdns-recursor"}, {"OS": "Alpine", "OSVersion": "3.18-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r0", "operator": "lt", "packageName": "pdns-recursor"}, {"OS": "Alpine", "OSVersion": "3.7-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r0", "operator": "lt", "packageName": "pdns-recursor"}, {"OS": "Alpine", "OSVersion": "3.8-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r0", "operator": "lt", "packageName": "pdns-recursor"}, {"OS": "Alpine", "OSVersion": "3.9-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r0", "operator": "lt", "packageName": "pdns-recursor"}]}
{"nessus": [{"lastseen": "2023-05-18T14:24:27", "description": "According to its self-reported version number, the version of the PowerDNS Recursor listening on the remote host is prior to to 4.0.7.\nIt is, therefore, affected by a vulnerability where a remote authenticated user can injection additional configuration directives via the API.\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.\nAlso, Nessus has not checked for the presence of the patch.", "cvss3": {}, "published": "2018-01-19T00:00:00", "type": "nessus", "title": "PowerDNS Recursor < 4.0.7 API Configuration Injection Vulnerability (CVE-2017-15093)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15093"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:powerdns:powerdns", "cpe:/a:powerdns:recursor"], "id": "POWERDNS_RECURSOR_4_0_7_2017-06.NASL", "href": "https://www.tenable.com/plugins/nessus/106194", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106194);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2017-15093\");\n script_bugtraq_id(101982);\n\n script_name(english:\"PowerDNS Recursor < 4.0.7 API Configuration Injection Vulnerability (CVE-2017-15093)\");\n script_summary(english:\"Checks the PowerDNS Recursor version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote name server is affected by a configuration injection\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the version of the\nPowerDNS Recursor listening on the remote host is prior to to 4.0.7.\nIt is, therefore, affected by a vulnerability where a remote\nauthenticated user can injection additional configuration directives\nvia the API.\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\nAlso, Nessus has not checked for the presence of the patch.\");\n # https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d99c3923\");\n # https://blog.powerdns.com/2017/11/27/powerdns-authoritative-server-4-0-5-and-recursor-4-0-7-released/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9ad28007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/oss-sec/2017/q4/329\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PowerDNS Recursor 4.0.7 or later. Alternatively, apply the\npatches referenced in the vendor advisories.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-15093\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:powerdns:powerdns\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:powerdns:recursor\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"DNS\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"pdns_version.nasl\");\n script_require_keys(\"pdns/version_full\", \"pdns/version_source\", \"pdns/type\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"PowerDNS Recursor\";\nversion_source = get_kb_item_or_exit(\"pdns/version_source\");\nversion = get_kb_item_or_exit(\"pdns/version_full\");\n\nport = 53;\n\n# Only the Recursor is affected\ntype = get_kb_item_or_exit(\"pdns/type\");\nif (type != 'recursor') audit(AUDIT_NOT_LISTEN, app_name, port, \"UDP\");\n\nif (version == \"unknown\") audit(AUDIT_UNKNOWN_APP_VER, app_name);\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif (version =~ \"^[0-3]\\.\" || version =~ \"^4\\.0\\.[0-6]([^0-9]|$)\")\n{\n report =\n '\\n Version source : ' + version_source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 4.0.7' +\n '\\n';\n security_report_v4(severity:SECURITY_NOTE, port:port, proto:\"udp\", extra:report);\n}\nelse\n audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version, \"UDP\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:36", "description": "Update to latest version. Contains security fixes for CVE-2017-15090, CVE-2017-15092, CVE-2017-15093 and CVE-2017-15094\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-12-13T00:00:00", "type": "nessus", "title": "Fedora 25 : pdns-recursor (2017-81fe39ad9f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15090", "CVE-2017-15092", "CVE-2017-15093", "CVE-2017-15094"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pdns-recursor", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-81FE39AD9F.NASL", "href": "https://www.tenable.com/plugins/nessus/105203", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-81fe39ad9f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105203);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-15090\", \"CVE-2017-15092\", \"CVE-2017-15093\", \"CVE-2017-15094\");\n script_xref(name:\"FEDORA\", value:\"2017-81fe39ad9f\");\n\n script_name(english:\"Fedora 25 : pdns-recursor (2017-81fe39ad9f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest version. Contains security fixes for CVE-2017-15090,\nCVE-2017-15092, CVE-2017-15093 and CVE-2017-15094\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-81fe39ad9f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pdns-recursor package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pdns-recursor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"pdns-recursor-4.0.7-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pdns-recursor\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:36", "description": "Update to latest version. Contains security fixes for CVE-2017-15090, CVE-2017-15092, CVE-2017-15093 and CVE-2017-15094\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-12-13T00:00:00", "type": "nessus", "title": "Fedora 26 : pdns-recursor (2017-1585789772)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15090", "CVE-2017-15092", "CVE-2017-15093", "CVE-2017-15094"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pdns-recursor", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-1585789772.NASL", "href": "https://www.tenable.com/plugins/nessus/105198", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-1585789772.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105198);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-15090\", \"CVE-2017-15092\", \"CVE-2017-15093\", \"CVE-2017-15094\");\n script_xref(name:\"FEDORA\", value:\"2017-1585789772\");\n\n script_name(english:\"Fedora 26 : pdns-recursor (2017-1585789772)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest version. Contains security fixes for CVE-2017-15090,\nCVE-2017-15092, CVE-2017-15093 and CVE-2017-15094\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-1585789772\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pdns-recursor package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pdns-recursor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"pdns-recursor-4.0.7-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pdns-recursor\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:08", "description": "Update to latest version. Contains security fixes for CVE-2017-15090, CVE-2017-15092, CVE-2017-15093 and CVE-2017-15094\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-01-15T00:00:00", "type": "nessus", "title": "Fedora 27 : pdns-recursor (2017-608b6f5945)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15090", "CVE-2017-15092", "CVE-2017-15093", "CVE-2017-15094"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pdns-recursor", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2017-608B6F5945.NASL", "href": "https://www.tenable.com/plugins/nessus/105888", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-608b6f5945.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105888);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-15090\", \"CVE-2017-15092\", \"CVE-2017-15093\", \"CVE-2017-15094\");\n script_xref(name:\"FEDORA\", value:\"2017-608b6f5945\");\n\n script_name(english:\"Fedora 27 : pdns-recursor (2017-608b6f5945)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest version. Contains security fixes for CVE-2017-15090,\nCVE-2017-15092, CVE-2017-15093 and CVE-2017-15094\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-608b6f5945\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pdns-recursor package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pdns-recursor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"pdns-recursor-4.0.7-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pdns-recursor\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:29", "description": "This update for pdns-recursor fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-15090: An issue has been found in the DNSSEC validation component of PowerDNS Recursor, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records (boo#1069242).\n\n - CVE-2017-15092: An issue has been found in the web interface of PowerDNS Recursor, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and JavaScript code into the web interface, altering the content (boo#1069242).\n\n - CVE-2017-15093: When `api-config-dir` is set to a non-empty value, which is not the case by default, the API allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration (boo#1069242).\n\n - CVE-2017-15094: An issue has been found in the DNSSEC parsing code of PowerDNS Recursor during a code audit by Nixu, leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys (boo#1069242).", "cvss3": {}, "published": "2017-12-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : pdns-recursor (openSUSE-2017-1339)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15090", "CVE-2017-15092", "CVE-2017-15093", "CVE-2017-15094"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:pdns-recursor", "p-cpe:/a:novell:opensuse:pdns-recursor-debuginfo", "p-cpe:/a:novell:opensuse:pdns-recursor-debugsource", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1339.NASL", "href": "https://www.tenable.com/plugins/nessus/105229", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1339.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105229);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-15090\", \"CVE-2017-15092\", \"CVE-2017-15093\", \"CVE-2017-15094\");\n\n script_name(english:\"openSUSE Security Update : pdns-recursor (openSUSE-2017-1339)\");\n script_summary(english:\"Check for the openSUSE-2017-1339 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for pdns-recursor fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-15090: An issue has been found in the DNSSEC\n validation component of PowerDNS Recursor, where the\n signatures might have been accepted as valid even if the\n signed data was not in bailiwick of the DNSKEY used to\n sign it. This allows an attacker in position of\n man-in-the-middle to alter the content of records by\n issuing a valid signature for the crafted records\n (boo#1069242).\n\n - CVE-2017-15092: An issue has been found in the web\n interface of PowerDNS Recursor, where the qname of DNS\n queries was displayed without any escaping, allowing a\n remote attacker to inject HTML and JavaScript code into\n the web interface, altering the content (boo#1069242).\n\n - CVE-2017-15093: When `api-config-dir` is set to a\n non-empty value, which is not the case by default, the\n API allows an authorized user to update the Recursor's\n ACL by adding and removing netmasks, and to configure\n forward zones. It was discovered that the new netmask\n and IP addresses of forwarded zones were not\n sufficiently validated, allowing an authenticated user\n to inject new configuration directives into the\n Recursor's configuration (boo#1069242).\n\n - CVE-2017-15094: An issue has been found in the DNSSEC\n parsing code of PowerDNS Recursor during a code audit by\n Nixu, leading to a memory leak when parsing specially\n crafted DNSSEC ECDSA keys (boo#1069242).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1069242\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pdns-recursor packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pdns-recursor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pdns-recursor-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pdns-recursor-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"pdns-recursor-3.7.3-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"pdns-recursor-debuginfo-3.7.3-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"pdns-recursor-debugsource-3.7.3-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"pdns-recursor-4.0.5-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"pdns-recursor-debuginfo-4.0.5-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"pdns-recursor-debugsource-4.0.5-3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pdns-recursor / pdns-recursor-debuginfo / pdns-recursor-debugsource\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntucve": [{"lastseen": "2023-06-24T14:42:32", "description": "When api-config-dir is set to a non-empty value, which is not the case by\ndefault, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x\nup to and including 3.7.4 allows an authorized user to update the\nRecursor's ACL by adding and removing netmasks, and to configure forward\nzones. It was discovered that the new netmask and IP addresses of forwarded\nzones were not sufficiently validated, allowing an authenticated user to\ninject new configuration directives into the Recursor's configuration.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-23T00:00:00", "type": "ubuntucve", "title": "CVE-2017-15093", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15093"], "modified": "2018-01-23T00:00:00", "id": "UB:CVE-2017-15093", "href": "https://ubuntu.com/security/CVE-2017-15093", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "debiancve": [{"lastseen": "2023-06-23T14:40:15", "description": "When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-23T15:29:00", "type": "debiancve", "title": "CVE-2017-15093", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15093"], "modified": "2018-01-23T15:29:00", "id": "DEBIANCVE:CVE-2017-15093", "href": "https://security-tracker.debian.org/tracker/CVE-2017-15093", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:34:44", "description": "PowerDNS Recursor is prone to a configuration file injection\nvulnerability.", "cvss3": {}, "published": "2017-11-28T00:00:00", "type": "openvas", "title": "PowerDNS Recursor File Injection Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15093"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310140544", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140544", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_pdns_api_vuln.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# PowerDNS Recursor File Injection Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:powerdns:recursor';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140544\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-28 08:39:40 +0700 (Tue, 28 Nov 2017)\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2017-15093\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"PowerDNS Recursor File Injection Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"pdns_version.nasl\");\n script_mandatory_keys(\"powerdns/recursor/installed\");\n\n script_tag(name:\"summary\", value:\"PowerDNS Recursor is prone to a configuration file injection\nvulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue has been found in the API of PowerDNS Recursor during a source code\naudit by Nixu. When api-config-dir is set to a non-empty value, which is not the case by default, the API allows\nan authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones.\nIt was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated,\nallowing an authenticated user to inject new configuration directives into the Recursor's configuration.\");\n\n script_tag(name:\"affected\", value:\"PowerDNS Recursor up to and including 4.0.6, 3.7.4.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 4.0.7 or later.\");\n\n script_xref(name:\"URL\", value:\"https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_proto(cpe: CPE, port: port))\n exit(0);\n\nversion = infos[\"version\"];\nproto = infos[\"proto\"];\n\nif (version_is_less(version: version, test_version: \"4.0.7\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"4.0.7\");\n security_message(data: report, port: port, proto: proto);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-12-14T00:00:00", "type": "openvas", "title": "Fedora Update for pdns-recursor FEDORA-2017-608b6f5945", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15094", "CVE-2017-15092", "CVE-2017-15093", "CVE-2017-15090"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873904", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873904", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_608b6f5945_pdns-recursor_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for pdns-recursor FEDORA-2017-608b6f5945\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873904\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-14 11:42:56 +0100 (Thu, 14 Dec 2017)\");\n script_cve_id(\"CVE-2017-15090\", \"CVE-2017-15092\", \"CVE-2017-15093\", \"CVE-2017-15094\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for pdns-recursor FEDORA-2017-608b6f5945\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pdns-recursor'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"pdns-recursor on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-608b6f5945\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OYKW2TDQCTDR7RXN5NVRQTXAWEH6ZAS\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"pdns-recursor\", rpm:\"pdns-recursor~4.0.7~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-12-14T00:00:00", "type": "openvas", "title": "Fedora Update for pdns-recursor FEDORA-2017-81fe39ad9f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15094", "CVE-2017-15092", "CVE-2017-15093", "CVE-2017-15090"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873920", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873920", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_81fe39ad9f_pdns-recursor_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for pdns-recursor FEDORA-2017-81fe39ad9f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873920\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-14 11:43:37 +0100 (Thu, 14 Dec 2017)\");\n script_cve_id(\"CVE-2017-15090\", \"CVE-2017-15092\", \"CVE-2017-15093\", \"CVE-2017-15094\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for pdns-recursor FEDORA-2017-81fe39ad9f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pdns-recursor'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"pdns-recursor on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-81fe39ad9f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MCREZES2WDXPXVL2SQ7VB5ETD6KZUATA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"pdns-recursor\", rpm:\"pdns-recursor~4.0.7~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-12-14T00:00:00", "type": "openvas", "title": "Fedora Update for pdns-recursor FEDORA-2017-1585789772", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15094", "CVE-2017-15092", "CVE-2017-15093", "CVE-2017-15090"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873903", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873903", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_1585789772_pdns-recursor_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for pdns-recursor FEDORA-2017-1585789772\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873903\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-14 11:42:47 +0100 (Thu, 14 Dec 2017)\");\n script_cve_id(\"CVE-2017-15090\", \"CVE-2017-15092\", \"CVE-2017-15093\", \"CVE-2017-15094\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for pdns-recursor FEDORA-2017-1585789772\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pdns-recursor'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"pdns-recursor on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-1585789772\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IAJMRSIVZE2BT6EPPABE3TZDC74MX4SU\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"pdns-recursor\", rpm:\"pdns-recursor~4.0.7~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:32:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-14T00:00:00", "type": "openvas", "title": "Fedora Update for pdns-recursor FEDORA-2018-76c82b393e", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15094", "CVE-2017-15120", "CVE-2017-15092", "CVE-2017-15093", "CVE-2018-1000003", "CVE-2017-15090"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874674", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874674", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_76c82b393e_pdns-recursor_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for pdns-recursor FEDORA-2018-76c82b393e\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874674\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-14 05:59:17 +0200 (Thu, 14 Jun 2018)\");\n script_cve_id(\"CVE-2017-15120\", \"CVE-2018-1000003\", \"CVE-2017-15090\", \"CVE-2017-15092\",\n \"CVE-2017-15093\", \"CVE-2017-15094\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for pdns-recursor FEDORA-2018-76c82b393e\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pdns-recursor'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"pdns-recursor on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-76c82b393e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PL6PS2SCNGXMZVF4DQWHFTMGOEOHFW2U\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"pdns-recursor\", rpm:\"pdns-recursor~4.1.3~2.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-06-23T14:29:06", "description": "When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-23T15:29:00", "type": "cve", "title": "CVE-2017-15093", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15093"], "modified": "2019-10-09T23:24:00", "cpe": ["cpe:/a:powerdns:recursor:3.7.4", "cpe:/a:powerdns:recursor:4.0.6"], "id": "CVE-2017-15093", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15093", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:powerdns:recursor:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:powerdns:recursor:4.0.6:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "PowerDNS Recursor is a non authoritative/recursing DNS server. Use this package if you need a dns cache for your network. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-12-12T11:30:15", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: pdns-recursor-4.0.7-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15090", "CVE-2017-15092", "CVE-2017-15093", "CVE-2017-15094"], "modified": "2017-12-12T11:30:15", "id": "FEDORA:3AD2760D1C9C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4OYKW2TDQCTDR7RXN5NVRQTXAWEH6ZAS/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "description": "PowerDNS Recursor is a non authoritative/recursing DNS server. Use this package if you need a dns cache for your network. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-12-12T13:46:26", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: pdns-recursor-4.0.7-1.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15090", "CVE-2017-15092", "CVE-2017-15093", "CVE-2017-15094"], "modified": "2017-12-12T13:46:26", "id": "FEDORA:A906F601DD76", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IAJMRSIVZE2BT6EPPABE3TZDC74MX4SU/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "description": "PowerDNS Recursor is a non authoritative/recursing DNS server. Use this package if you need a dns cache for your network. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-12-12T14:40:52", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: pdns-recursor-4.0.7-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15090", "CVE-2017-15092", "CVE-2017-15093", "CVE-2017-15094"], "modified": "2017-12-12T14:40:52", "id": "FEDORA:ADC626076F59", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MCREZES2WDXPXVL2SQ7VB5ETD6KZUATA/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "description": "PowerDNS Recursor is a non authoritative/recursing DNS server. Use this package if you need a dns cache for your network. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-06-13T21:34:25", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: pdns-recursor-4.1.3-2.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15090", "CVE-2017-15092", "CVE-2017-15093", "CVE-2017-15094", "CVE-2017-15120", "CVE-2018-1000003"], "modified": "2018-06-13T21:34:25", "id": "FEDORA:6EFE46076025", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PL6PS2SCNGXMZVF4DQWHFTMGOEOHFW2U/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2022-05-21T01:24:41", "description": "An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2022-05-20T22:30:18", "type": "redhatcve", "title": "CVE-2017-15090", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15090", "CVE-2017-15092", "CVE-2017-15093", "CVE-2017-15094"], "modified": "2022-05-20T22:30:18", "id": "RH:CVE-2017-15090", "href": "https://access.redhat.com/security/cve/cve-2017-15090", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-21T01:24:42", "description": "When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2022-05-20T23:27:39", "type": "redhatcve", "title": "CVE-2017-15093", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15090", "CVE-2017-15092", "CVE-2017-15093", "CVE-2017-15094"], "modified": "2022-05-20T23:27:39", "id": "RH:CVE-2017-15093", "href": "https://access.redhat.com/security/cve/cve-2017-15093", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "archlinux": [{"lastseen": "2023-06-23T14:57:59", "description": "Arch Linux Security Advisory ASA-201711-31\n==========================================\n\nSeverity: Medium\nDate : 2017-11-27\nCVE-ID : CVE-2017-15090 CVE-2017-15092 CVE-2017-15093 CVE-2017-15094\nPackage : powerdns-recursor\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-520\n\nSummary\n=======\n\nThe package powerdns-recursor before version 4.0.7-1 is vulnerable to\nmultiple issues including cross-site scripting, denial of service and\ninsufficient validation.\n\nResolution\n==========\n\nUpgrade to 4.0.7-1.\n\n# pacman -Syu \"powerdns-recursor>=4.0.7-1\"\n\nThe problems have been fixed upstream in version 4.0.7.\n\nWorkaround\n==========\n\nIt is possible to work around CVE-2017-15093 by disabling the ability\nto alter the configuration via the API by setting 'api-config-dir' to\nan empty value (default), or by marking the API read-only via the 'api-\nreadonly' setting.\n\nDescription\n===========\n\n- CVE-2017-15090 (insufficient validation)\n\nAn issue has been found in the DNSSEC validation component of PowerDNS\nRecursor from 4.0.0 up to and including 4.0.5, where the signatures\nmight have been accepted as valid even if the signed data was not in\nbailiwick of the DNSKEY used to sign it. This allows an attacker in\nposition of man-in-the-middle to alter the content of records by\nissuing a valid signature for the crafted records.\n\n- CVE-2017-15092 (cross-site scripting)\n\nAn issue has been found in the web interface of PowerDNS Recursor from\n4.0.0 and up to and including 4.0.6, where the qname of DNS queries was\ndisplayed without any escaping, allowing a remote attacker to inject\nHTML and Javascript code into the web interface, altering the content.\n\n- CVE-2017-15093 (insufficient validation)\n\nAn issue has been found in the API of PowerDNS Recursor < 4.0.7, during\na source code audit by Nixu. When 'api-config-dir' is set to a non-\nempty value, which is not the case by default, the API allows an\nauthorized user to update the Recursor\u2019s ACL by adding and removing\nnetmasks, and to configure forward zones. It was discovered that the\nnew netmask and IP addresses of forwarded zones were not sufficiently\nvalidated, allowing an authenticated user to inject new configuration\ndirectives into the Recursor\u2019s configuration.\n\n- CVE-2017-15094 (denial of service)\n\nAn issue has been found in the DNSSEC parsing code of PowerDNS Recursor\nfrom 4.0.0 and up to and including 4.0.6, during a code audit by Nixu,\nleading to a memory leak when parsing specially crafted DNSSEC ECDSA\nkeys. These keys are only parsed when validation is enabled by setting\n'dnssec' to a value other than 'off' or 'process-no-validate'\n(default).\n\nImpact\n======\n\nA remote, unauthenticated attacker can inject Javascript code into the\nweb interface, or can cause a denial of service via crafted DNSSEC\nsignatures. An attacker in position of man-in-the-middle can also\nbypass DNSSEC validation via a crafted signature. In addition to that,\na remote authenticated attacker with access to the API can inject\nunexpected directives into the configuration file.\n\nReferences\n==========\n\nhttp://seclists.org/oss-sec/2017/q4/329\nhttps://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html\nhttps://github.com/PowerDNS/pdns/commit/9aed598c9a0a8f9b3a2a9c2310023d56c4a26ef8\nhttps://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html\nhttps://github.com/PowerDNS/pdns/commit/fd30387c26144cda3a5ab50c3946635bec1020b7\nhttps://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html\nhttps://github.com/PowerDNS/pdns/commit/badf9e8900428f21585f7f929aeddc87cd0d2069\nhttps://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html\nhttps://github.com/PowerDNS/pdns/commit/e87fe3987ab9a3b900544a0fc3bcf41068eef92a\nhttps://security.archlinux.org/CVE-2017-15090\nhttps://security.archlinux.org/CVE-2017-15092\nhttps://security.archlinux.org/CVE-2017-15093\nhttps://security.archlinux.org/CVE-2017-15094", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2017-11-27T00:00:00", "type": "archlinux", "title": "[ASA-201711-31] powerdns-recursor: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15090", "CVE-2017-15092", "CVE-2017-15093", "CVE-2017-15094"], "modified": "2017-11-27T00:00:00", "id": "ASA-201711-31", "href": "https://security.archlinux.org/ASA-201711-31", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
CVE-2017-15093
