ID ASA-201711-30 Type archlinux Reporter ArchLinux Modified 2017-11-27T00:00:00
Description
Arch Linux Security Advisory ASA-201711-30
Severity: Low
Date : 2017-11-27
CVE-ID : CVE-2017-15091
Package : powerdns
Type : access restriction bypass
Remote : Yes
Link : https://security.archlinux.org/AVG-519
Summary
The package powerdns before version 4.0.5-1 is vulnerable to access
restriction bypass.
Resolution
Upgrade to 4.0.5-1.
pacman -Syu "powerdns>=4.0.5-1"
The problem has been fixed upstream in version 4.0.5.
Workaround
None.
Description
An issue has been found in the API component of PowerDNS Authoritative
< 4.0.5, where some operations that have an impact on the state of the
server are still allowed even though the API has been configured as
read-only via the 'api-readonly' keyword. This missing check allows an
attacker with valid API credentials to flush the cache, trigger a
zone transfer or send a NOTIFY.
Impact
A remote, authenticated attacker can flush the cache, trigger a zone
transfer or send a NOTIFY through the API even though it was configured
as read-only.
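
The bug class described above, as an added example that is not PowerDNS source code and not part of the original advisory: a constructed C++ model in which each API handler is expected to honour the read-only flag itself, next to a dispatcher that enforces it centrally, plus a regression check that calls every route in read-only mode. All type, function and operation names are hypothetical.

```cpp
// Constructed model of the bug class in this advisory; not PowerDNS source code.
#include <functional>
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Server state the API can change. Field names are hypothetical.
struct Server {
    bool apiReadOnly = false;  // stands in for the 'api-readonly' setting
    int zoneEdits = 0;
    int cacheFlushes = 0;
    int zoneTransfers = 0;
    int notifiesSent = 0;
    int changes() const { return zoneEdits + cacheFlushes + zoneTransfers + notifiesSent; }
};

enum class Status { Ok = 200, Forbidden = 403, NotFound = 404 };

struct Route {
    bool changesState;                       // declared once, next to the handler
    std::function<Status(Server&)> handler;
};
using RouteTable = std::map<std::string, Route>;

// Flawed pattern: every handler must remember its own read-only check.
// Only edit_zone does; the three operations named in the advisory do not.
RouteTable perHandlerRoutes() {
    RouteTable t;
    t["list_zones"] = Route{false, [](Server&) { return Status::Ok; }};
    t["edit_zone"] = Route{true, [](Server& s) {
        if (s.apiReadOnly) return Status::Forbidden;
        ++s.zoneEdits;
        return Status::Ok;
    }};
    t["flush_cache"] = Route{true, [](Server& s) { ++s.cacheFlushes; return Status::Ok; }};
    t["zone_transfer"] = Route{true, [](Server& s) { ++s.zoneTransfers; return Status::Ok; }};
    t["send_notify"] = Route{true, [](Server& s) { ++s.notifiesSent; return Status::Ok; }};
    return t;
}

// Flawed dispatcher: trusts each handler to enforce read-only mode.
Status dispatchPerHandler(const RouteTable& routes, Server& s, const std::string& op) {
    auto it = routes.find(op);
    if (it == routes.end()) return Status::NotFound;
    return it->second.handler(s);
}

// Hardened dispatcher: one central check, applied before any handler runs.
Status dispatchCentral(const RouteTable& routes, Server& s, const std::string& op) {
    auto it = routes.find(op);
    if (it == routes.end()) return Status::NotFound;
    if (s.apiReadOnly && it->second.changesState) return Status::Forbidden;
    return it->second.handler(s);
}

using Dispatcher = Status (*)(const RouteTable&, Server&, const std::string&);

// Regression check: in read-only mode, call every route on a fresh server
// and report each operation that still altered server state.
std::vector<std::string> readOnlyBypasses(const RouteTable& routes, Dispatcher dispatch) {
    std::vector<std::string> leaked;
    for (const auto& entry : routes) {
        Server s;
        s.apiReadOnly = true;
        dispatch(routes, s, entry.first);
        if (s.changes() != 0) leaked.push_back(entry.first);
    }
    return leaked;
}

int main() {
    RouteTable routes = perHandlerRoutes();
    for (const auto& op : readOnlyBypasses(routes, dispatchPerHandler))
        std::cout << "per-handler checks: " << op << " ran in read-only mode\n";
    std::cout << "central check: " << readOnlyBypasses(routes, dispatchCentral).size()
              << " operations ran in read-only mode\n";
    return 0;
}
```

Running a check like `readOnlyBypasses` over the full route table in a test suite catches a newly added state-changing handler that omits the read-only check.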