openvasCopyright (C) 2019 Greenbone AGOPENVAS:1361412562310141898
HistoryJan 22, 2019 - 12:00 a.m.

PowerDNS Recursor < 4.1.9 Lua Hooks Vulnerability

2019-01-2200:00:00
Copyright (C) 2019 Greenbone AG
plugins.openvas.org

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.2%

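An issue has been found in PowerDNS Recursor where Lua hooks are not properly
applied to queries received over TCP under a specific combination of settings (more than one thread together
with pdns-distributes-queries=yes, as described in the script's insight text below), possibly bypassing security
policies enforced using Lua.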

# SPDX-FileCopyrightText: 2019 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

# CPE identifying the product under test; the detection logic below passes it
# to get_app_port() and get_app_version_and_proto() to look up the detected
# port, version and protocol.
CPE = 'cpe:/a:powerdns:recursor';

# Metadata block: when `description` is set, the script only registers its
# identifiers, severity data and descriptive text, then exits (exit(0) at the
# end of the block) without running the version check further down.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.141898");
  script_version("2023-07-14T16:09:27+0000");
  script_tag(name:"last_modification", value:"2023-07-14 16:09:27 +0000 (Fri, 14 Jul 2023)");
  script_tag(name:"creation_date", value:"2019-01-22 09:08:47 +0700 (Tue, 22 Jan 2019)");
  # Two severity ratings are carried side by side: a CVSS v2 base score with
  # its vector, and a CVSS v3.1 vector attributed to NVD with the date recorded
  # in severity_date.
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2020-10-19 17:45:00 +0000 (Mon, 19 Oct 2020)");

  script_cve_id("CVE-2019-3806");

  # Quality of detection: the result rests on a remotely obtained version
  # string and is flagged as unreliable. The check below compares versions
  # only; it does not inspect the `threads` or `pdns-distributes-queries`
  # settings that the "insight" text names as the precondition, so a finding
  # means "version in the affected range", not "vulnerable configuration
  # confirmed". Verify those two settings on the host before prioritising.
  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("PowerDNS Recursor < 4.1.9 Lua Hooks Vulnerability");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2019 Greenbone AG");
  script_family("General");
  # Runs after pdns_version.nasl and only when the key below is present in the
  # knowledge base.
  # NOTE(review): presumably pdns_version.nasl is the script that sets
  # "powerdns/recursor/installed" -- confirm against that file.
  script_dependencies("pdns_version.nasl");
  script_mandatory_keys("powerdns/recursor/installed");

  script_tag(name:"summary", value:"An issue has been found in PowerDNS Recursor where Lua hooks are not properly
applied to queries received over TCP in some specific combination of settings, possibly bypassing security
policies enforced using Lua.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  # Precondition for the flaw as stated by the advisory text: more than one
  # thread AND pdns-distributes-queries=yes. Hosts in the affected version
  # range that do not use this combination are still reported by this script.
  script_tag(name:"insight", value:"When the recursor is configured to run with more than one thread (threads=X)
and to do the distribution of incoming queries to the worker threads itself (pdns-distributes-queries=yes), the
Lua script is not properly loaded in the thread handling incoming TCP queries, causing the Lua hooks to not be
properly applied.");

  # The affected range given here (4.1.4 through 4.1.8) is the same range the
  # version_in_range() call in the detection logic tests.
  script_tag(name:"affected", value:"PowerDNS Recursor from 4.1.4 up to and including 4.1.8.");

  script_tag(name:"solution", value:"Upgrade to version 4.1.9 or later.");

  script_xref(name:"URL", value:"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html");

  exit(0);
}

include("version_func.inc");
include("host_details.inc");

# Look up the port on which the product identified by CPE was detected.
# Without one there is nothing to test, so stop quietly.
port = get_app_port(cpe: CPE);
if (!port)
  exit(0);

# Fetch the detected version together with the transport protocol it was
# seen on; stop quietly if neither is available.
infos = get_app_version_and_proto(cpe: CPE, port: port);
if (!infos)
  exit(0);

version = infos["version"];
proto = infos["proto"];

# Versions outside 4.1.4 .. 4.1.8 (inclusive bounds as passed here) are not
# reported; exit code 99 is used for that outcome.
if (!version_in_range(version: version, test_version: "4.1.4", test_version2: "4.1.8"))
  exit(99);

# Version-only match: this does not establish that threads > 1 and
# pdns-distributes-queries=yes are configured, which the advisory text names
# as the precondition. Treat the finding as "needs configuration review or
# upgrade to 4.1.9", not as a confirmed policy bypass.
report = report_fixed_ver(installed_version: version, fixed_version: "4.1.9");
security_message(data: report, port: port, proto: proto);
exit(0);
