This update for pdns-recursor fixes the following issues :
Security issues fixed :
CVE-2017-15090: An issue has been found in the DNSSEC validation component of PowerDNS Recursor, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records (boo#1069242).
CVE-2017-15092: An issue has been found in the web interface of PowerDNS Recursor, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and JavaScript code into the web interface, altering the content (boo#1069242).
CVE-2017-15093: When `api-config-dir` is set to a non-empty value, which is not the case by default, the API allows an authorized user to update the Recursor’s ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor’s configuration (boo#1069242).
CVE-2017-15094: An issue has been found in the DNSSEC parsing code of PowerDNS Recursor during a code audit by Nixu, leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys (boo#1069242).
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-1339.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration branch: when `description` is set, the script only registers
# its metadata (id, CVEs, texts, CVSS vectors, CPEs, dependencies) and then
# exits without touching the target. The actual package check is the code
# after this block.
if (description)
{
# Plugin identity and revision.
script_id(105229);
script_version("3.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
# All four CVEs are covered by the single openSUSE-2017-1339 update; the check
# below cannot tell them apart, it only compares package versions.
script_cve_id("CVE-2017-15090", "CVE-2017-15092", "CVE-2017-15093", "CVE-2017-15094");
script_name(english:"openSUSE Security Update : pdns-recursor (openSUSE-2017-1339)");
script_summary(english:"Check for the openSUSE-2017-1339 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
# Advisory text as extracted from the openSUSE update notice (see the file
# header). It is a runtime string: keep it byte-for-byte.
script_set_attribute(
attribute:"description",
value:
"This update for pdns-recursor fixes the following issues :
Security issues fixed :
- CVE-2017-15090: An issue has been found in the DNSSEC
validation component of PowerDNS Recursor, where the
signatures might have been accepted as valid even if the
signed data was not in bailiwick of the DNSKEY used to
sign it. This allows an attacker in position of
man-in-the-middle to alter the content of records by
issuing a valid signature for the crafted records
(boo#1069242).
- CVE-2017-15092: An issue has been found in the web
interface of PowerDNS Recursor, where the qname of DNS
queries was displayed without any escaping, allowing a
remote attacker to inject HTML and JavaScript code into
the web interface, altering the content (boo#1069242).
- CVE-2017-15093: When `api-config-dir` is set to a
non-empty value, which is not the case by default, the
API allows an authorized user to update the Recursor's
ACL by adding and removing netmasks, and to configure
forward zones. It was discovered that the new netmask
and IP addresses of forwarded zones were not
sufficiently validated, allowing an authenticated user
to inject new configuration directives into the
Recursor's configuration (boo#1069242).
- CVE-2017-15094: An issue has been found in the DNSSEC
parsing code of PowerDNS Recursor during a code audit by
Nixu, leading to a memory leak when parsing specially
crafted DNSSEC ECDSA keys (boo#1069242)."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1069242"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected pdns-recursor packages."
);
# NOTE(review): one v2 and one v3 base vector are recorded for four different
# CVEs, and the two disagree on confidentiality (v2 C:N, v3 C:L). The v3
# vector's UI:R/S:C shape looks like the web-interface injection issue
# (CVE-2017-15092) -- confirm against the per-CVE scores before using this
# plugin's severity for prioritisation.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
# Declared as a local check: the result comes from the host's package list,
# not from probing the recursor over the network.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPEs: the three pdns-recursor packages and the two openSUSE Leap releases
# (42.2, 42.3) that the check body tests.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pdns-recursor");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pdns-recursor-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pdns-recursor-debugsource");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
script_set_attribute(attribute:"patch_publication_date", value:"2017/12/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/14");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
# The four required KB keys are exactly the ones the check body reads.
# Presumably ssh_get_info.nasl is what populates them from an authenticated
# session -- confirm; without credentials this plugin produces no result.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Check body: decides from knowledge-base (KB) data alone whether the host is
# an openSUSE 42.2 / 42.3 system carrying pdns-recursor packages older than
# the versions named in the references below, and reports or audits out.
#
# Scope caveat for whoever triages the finding: only the four KB items read
# here are consulted. Recursor configuration is never inspected, so a hit
# means "update not installed", not "every listed CVE is reachable" (the
# advisory text itself says CVE-2017-15093 needs a non-default
# `api-config-dir`). A clean result likewise depends on the collected RPM list
# being complete.

# Local checks must have been enabled by an earlier plugin.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Reject hosts with no SuSE release string, and SLED/SLES hosts, as not openSUSE.
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
# Only the two releases this update was issued for are in scope.
if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release);
# Without the collected package list there is nothing to compare against.
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
# NOTE(review): the gate above admits i586/i686, but every 42.3 reference is
# limited to cpu:"x86_64", while the 42.2 references carry no cpu argument.
# Presumably a 32-bit 42.3 host therefore matches no reference and audits out
# as not affected / not installed -- confirm that no 32-bit 42.3 build exists
# before relying on that as a negative.
# flag counts references that rpm_check() reported as failing; presumably
# rpm_check() returns true when the installed package is older than the
# reference -- confirm against rpm.inc.
flag = 0;
# openSUSE 42.2: fixed package version 3.7.3-9.3.1.
if ( rpm_check(release:"SUSE42.2", reference:"pdns-recursor-3.7.3-9.3.1") ) flag++;
# debuginfo/debugsource packages raise the same finding as the daemon package,
# so a host can be reported on the strength of a stale debug package alone.
if ( rpm_check(release:"SUSE42.2", reference:"pdns-recursor-debuginfo-3.7.3-9.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"pdns-recursor-debugsource-3.7.3-9.3.1") ) flag++;
# openSUSE 42.3 (x86_64 only): fixed package version 4.0.5-3.1.
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"pdns-recursor-4.0.5-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"pdns-recursor-debuginfo-4.0.5-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"pdns-recursor-debugsource-4.0.5-3.1") ) flag++;
if (flag)
{
# At least one reference matched: raise a warning-level finding on port 0.
# The per-package report from rpm_report_get() is attached only when
# report_verbosity is above 0.
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
# Nothing matched: distinguish "packages were tested and are not affected"
# from "none of the packages was tested", using what pkg_tests_get() returns.
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pdns-recursor / pdns-recursor-debuginfo / pdns-recursor-debugsource");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | opensuse | pdns-recursor | p-cpe:/a:novell:opensuse:pdns-recursor |
novell | opensuse | pdns-recursor-debuginfo | p-cpe:/a:novell:opensuse:pdns-recursor-debuginfo |
novell | opensuse | pdns-recursor-debugsource | p-cpe:/a:novell:opensuse:pdns-recursor-debugsource |
novell | opensuse | 42.2 | cpe:/o:novell:opensuse:42.2 |
novell | opensuse | 42.3 | cpe:/o:novell:opensuse:42.3 |