An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).
{"archlinux": [{"lastseen": "2023-12-06T16:49:08", "description": "Arch Linux Security Advisory ASA-202010-6\n=========================================\n\nSeverity: High\nDate : 2020-10-18\nCVE-ID : CVE-2020-25829\nPackage : powerdns-recursor\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1243\n\nSummary\n=======\n\nThe package powerdns-recursor before version 4.3.5-1 is vulnerable to\ndenial of service.\n\nResolution\n==========\n\nUpgrade to 4.3.5-1.\n\n# pacman -Syu \"powerdns-recursor>=4.3.5-1\"\n\nThe problem has been fixed upstream in version 4.3.5.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nAn issue has been found in PowerDNS Recursor before 4.3.5 where a\nremote attacker can cause the cached records for a given name to be\nupdated to the \u2018Bogus\u2019 DNSSEC validation state, instead of their actual\nDNSSEC \u2018Secure\u2019 state, via a DNS ANY query. This results in a denial of\nservice for installations that always validate (dnssec=validate) and\nfor clients requesting validation when on-demand validation is enabled\n(dnssec=process).\n\nImpact\n======\n\nA remote attacker can deny DNSSEC validation by updating the state of\ncached entries.\n\nReferences\n==========\n\nhttps://www.openwall.com/lists/oss-security/2020/10/13/3\nhttps://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html\nhttps://downloads.powerdns.com/patches/2020-07/any-cache-update-4.3.4.diff\nhttps://github.com/PowerDNS/pdns/commit/ae33c53e68a32189e0a2fd3df24821d3edce4503\nhttps://security.archlinux.org/CVE-2020-25829", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-18T00:00:00", "type": "archlinux", "title": "[ASA-202010-6] powerdns-recursor: denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25829"], "modified": "2020-10-18T00:00:00", "id": "ASA-202010-6", "href": "https://security.archlinux.org/ASA-202010-6", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-05-19T14:11:36", "description": "PowerDNS Team reports :\n\nCVE-2020-25829: An issue has been found in PowerDNS Recursor where a remote attacker can cause the cached records for a given name to be updated to the 'Bogus' DNSSEC validation state, instead of their actual DNSSEC 'Secure' state, via a DNS ANY query. This results in a denial of service for installations that always validate (dnssec=validate) and for clients requesting validation when on-demand validation is enabled (dnssec=process).", "cvss3": {}, "published": "2020-10-20T00:00:00", "type": "nessus", "title": "FreeBSD : powerdns-recursor -- cache pollution (a6860b11-0dee-11eb-94ff-6805ca2fa271)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25829"], "modified": "2020-10-26T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:powerdns-recursor", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_A6860B110DEE11EB94FF6805CA2FA271.NASL", "href": "https://www.tenable.com/plugins/nessus/141549", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141549);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/26\");\n\n script_cve_id(\"CVE-2020-25829\");\n\n script_name(english:\"FreeBSD : powerdns-recursor -- cache pollution (a6860b11-0dee-11eb-94ff-6805ca2fa271)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"PowerDNS Team reports :\n\nCVE-2020-25829: An issue has been found in PowerDNS Recursor where a\nremote attacker can cause the cached records for a given name to be\nupdated to the 'Bogus' DNSSEC validation state, instead of their\nactual DNSSEC 'Secure' state, via a DNS ANY query. This results in\na denial of service for installations that always validate\n(dnssec=validate) and for clients requesting validation when on-demand\nvalidation is enabled (dnssec=process).\"\n );\n # https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc71f722\"\n );\n # https://vuxml.freebsd.org/freebsd/a6860b11-0dee-11eb-94ff-6805ca2fa271.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9bb6c679\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:powerdns-recursor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"powerdns-recursor>=4.3.0<4.3.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"powerdns-recursor>=4.2.0<4.2.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"powerdns-recursor>=4.1.0<4.1.18\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:25", "description": "The remote host is affected by the vulnerability described in GLSA-202012-19 (PowerDNS Recursor: Denial of service)\n\n It was discovered that it was possible to update the DNSSEC validation state to a bogus state for a cached record via DNS ANY query.\n Impact :\n\n A remote attacker could send specially crafted DNS queries to deny DNSSEC validation.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2020-12-24T00:00:00", "type": "nessus", "title": "GLSA-202012-19 : PowerDNS Recursor: Denial of service", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25829"], "modified": "2020-12-28T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:pdns-recursor", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202012-19.NASL", "href": "https://www.tenable.com/plugins/nessus/144600", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202012-19.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144600);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/28\");\n\n script_cve_id(\"CVE-2020-25829\");\n script_xref(name:\"GLSA\", value:\"202012-19\");\n\n script_name(english:\"GLSA-202012-19 : PowerDNS Recursor: Denial of service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202012-19\n(PowerDNS Recursor: Denial of service)\n\n It was discovered that it was possible to update the DNSSEC validation\n state to a bogus state for a cached record via DNS ANY query.\n \nImpact :\n\n A remote attacker could send specially crafted DNS queries to deny\n DNSSEC validation.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d1ac366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202012-19\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All PowerDNS Recursor users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-dns/pdns-recursor-4.3.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:pdns-recursor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-dns/pdns-recursor\", unaffected:make_list(\"ge 4.3.5\"), vulnerable:make_list(\"lt 4.3.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PowerDNS Recursor\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:11:36", "description": "This update for pdns-recursor fixes the following issues :\n\n-pdns-recursorwas updated to 4.1.1 and 4.3.5 :\n\n - CVE-2020-25829: Fixed a cache pollution related to DNSSEC validation (boo#1177383)\n\n - CVE-2020-14196: Fixed an access restriction bypass with API key and password authentication (boo#1173302).", "cvss3": {}, "published": "2020-10-19T00:00:00", "type": "nessus", "title": "openSUSE Security Update : pdns-recursor (openSUSE-2020-1687)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14196", "CVE-2020-25829"], "modified": "2020-10-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:pdns-recursor", "p-cpe:/a:novell:opensuse:pdns-recursor-debuginfo", "p-cpe:/a:novell:opensuse:pdns-recursor-debugsource", "cpe:/o:novell:opensuse:15.1", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1687.NASL", "href": "https://www.tenable.com/plugins/nessus/141530", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1687.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141530);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/21\");\n\n script_cve_id(\"CVE-2020-14196\", \"CVE-2020-25829\");\n\n script_name(english:\"openSUSE Security Update : pdns-recursor (openSUSE-2020-1687)\");\n script_summary(english:\"Check for the openSUSE-2020-1687 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for pdns-recursor fixes the following issues :\n\n-pdns-recursorwas updated to 4.1.1 and 4.3.5 :\n\n - CVE-2020-25829: Fixed a cache pollution related to\n DNSSEC validation (boo#1177383)\n\n - CVE-2020-14196: Fixed an access restriction bypass with\n API key and password authentication (boo#1173302).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177383\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected pdns-recursor packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pdns-recursor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pdns-recursor-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pdns-recursor-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1|SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1 / 15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"pdns-recursor-4.1.12-lp151.3.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"pdns-recursor-debuginfo-4.1.12-lp151.3.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"pdns-recursor-debugsource-4.1.12-lp151.3.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"pdns-recursor-4.3.5-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"pdns-recursor-debuginfo-4.3.5-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"pdns-recursor-debugsource-4.3.5-lp152.2.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pdns-recursor / pdns-recursor-debuginfo / pdns-recursor-debugsource\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "prion": [{"lastseen": "2023-11-22T01:31:24", "description": "An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-16T06:15:00", "type": "prion", "title": "Input validation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25829"], "modified": "2022-06-15T03:15:00", "id": "PRION:CVE-2020-25829", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-25829", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-12-06T15:57:22", "description": "An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-16T06:15:00", "type": "cve", "title": "CVE-2020-25829", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25829"], "modified": "2022-06-15T03:15:00", "cpe": ["cpe:/o:opensuse:leap:15.2", "cpe:/a:opensuse:backports_sle:15.0", "cpe:/o:opensuse:leap:15.1"], "id": "CVE-2020-25829", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25829", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*", "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*"]}], "freebsd": [{"lastseen": "2023-12-06T16:51:40", "description": "\n\nPowerDNS Team reports:\n\nCVE-2020-25829: An issue has been found in PowerDNS Recursor where a\n\t remote attacker can cause the cached records for a given name to be\n\t updated to the \u2018Bogus\u2019 DNSSEC validation state, instead of their actual\n\t DNSSEC \u2018Secure\u2019 state, via a DNS ANY query. This results in a denial\n\t of service for installations that always validate (dnssec=validate)\n\t and for clients requesting validation when on-demand validation is\n\t enabled (dnssec=process).\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-13T00:00:00", "type": "freebsd", "title": "powerdns-recursor -- cache pollution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25829"], "modified": "2020-10-13T00:00:00", "id": "A6860B11-0DEE-11EB-94FF-6805CA2FA271", "href": "https://vuxml.freebsd.org/freebsd/a6860b11-0dee-11eb-94ff-6805ca2fa271.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "mageia": [{"lastseen": "2023-12-06T16:56:00", "description": "An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process). (CVE-2020-25829) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-24T20:51:47", "type": "mageia", "title": "Updated pdns-recursor package fixes a security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25829"], "modified": "2020-10-24T20:51:47", "id": "MGASA-2020-0393", "href": "https://advisories.mageia.org/MGASA-2020-0393.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-12-07T14:16:28", "description": "An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before\n4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached\nrecords for a given name to be updated to the Bogus DNSSEC validation\nstate, instead of their actual DNSSEC Secure state, via a DNS ANY query.\nThis results in a denial of service for installation that always validate\n(dnssec=validate), and for clients requesting validation when on-demand\nvalidation is enabled (dnssec=process).\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972159>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-16T00:00:00", "type": "ubuntucve", "title": "CVE-2020-25829", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25829"], "modified": "2020-10-16T00:00:00", "id": "UB:CVE-2020-25829", "href": "https://ubuntu.com/security/CVE-2020-25829", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2022-07-26T16:39:13", "description": "pdns-recursor is vulnerable to denial of service. A remote attacker is able to cause the cached records for a given name to be updated to the Bogus DNSSEC validation state instead of their actual DNSSEC Secure state via a DNS ANY query, resulting in a denial of service condition for the installation that performs validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-18T01:47:42", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25829"], "modified": "2022-06-15T06:21:38", "id": "VERACODE:27604", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-27604/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2023-12-06T16:55:47", "description": "### Background\n\nPowerDNS Recursor is a high-end, high-performance resolving name server.\n\n### Description\n\nIt was discovered that it was possible to update the DNSSEC validation state to a bogus state for a cached record via DNS ANY query. \n\n### Impact\n\nA remote attacker could send specially crafted DNS queries to deny DNSSEC validation. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll PowerDNS Recursor users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-dns/pdns-recursor-4.3.5\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-23T00:00:00", "type": "gentoo", "title": "PowerDNS Recursor: Denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25829"], "modified": "2020-12-23T00:00:00", "id": "GLSA-202012-19", "href": "https://security.gentoo.org/glsa/202012-19", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-12-06T18:25:44", "description": "An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-16T06:15:00", "type": "debiancve", "title": "CVE-2020-25829", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25829"], "modified": "2020-10-16T06:15:00", "id": "DEBIANCVE:CVE-2020-25829", "href": "https://security-tracker.debian.org/tracker/CVE-2020-25829", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2022-11-06T17:59:08", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for pdns-recursor fixes the following issues:\n\n -pdns-recursorwas updated to 4.1.1 and 4.3.5:\n - CVE-2020-25829: Fixed a cache pollution related to DNSSEC validation\n (boo#1177383)\n - CVE-2020-14196: Fixed an access restriction bypass with API key and\n password authentication (boo#1173302).\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-1687=1\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-1687=1\n\n - openSUSE Backports SLE-15-SP2:\n\n zypper in -t patch openSUSE-2020-1687=1\n\n - openSUSE Backports SLE-15-SP1:\n\n zypper in -t patch openSUSE-2020-1687=1\n\n - SUSE Package Hub for SUSE Linux Enterprise 12:\n\n zypper in -t patch openSUSE-2020-1687=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-17T00:00:00", "type": "suse", "title": "Security update for pdns-recursor (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14196", "CVE-2020-25829"], "modified": "2020-10-17T00:00:00", "id": "OPENSUSE-SU-2020:1687-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/O26ZKRRHUN2FIKICHEFCVARVPNFXWXFX/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}
CVE-2020-25829
