904 matches found
Null pointer dereference
An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service...
DEBIAN-CVE-2017-15120
An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service...
CVE-2017-15120
An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service...
UBUNTU-CVE-2017-15120
An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service...
CVE-2017-15120
An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service...
CVE-2017-15120
An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service...
CVE-2017-15120
CVE-2017-15120 affects PowerDNS Recursor prior to 4.0.8. The issue is a NULL pointer dereference caused while parsing authoritative answers, specifically when the response contains a CNAME of a different class than IN. An unauthenticated remote attacker can trigger a denial of service on vulnerab...
CVE-2017-15120
An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service...
Fedora 27 : pdns-recursor (2018-76c82b393e)
Upstream released new version - Fix a bunch of CVE's Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
Fedora Update for pdns-recursor FEDORA-2018-76c82b393e
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 27 Update: pdns-recursor-4.1.3-2.fc27
PowerDNS Recursor is a non authoritative/recursing DNS server. Use this package if you need a dns cache for your network...
Updated pdns-recursor package fixes security vulnerability
An issue has been found in the DNSSEC validation component of PowerDNS Recursor, allowing an ancestor delegation NSEC or NSEC3 record to be used to wrongfully prove the non-existence of a RR below the owner name of that record. This would allow an attacker in position of man-in-the-middle to send...
MGASA-2018-0252 Updated pdns-recursor package fixes security vulnerability
An issue has been found in the DNSSEC validation component of PowerDNS Recursor, allowing an ancestor delegation NSEC or NSEC3 record to be used to wrongfully prove the non-existence of a RR below the owner name of that record. This would allow an attacker in position of man-in-the-middle to send...
OPENSUSE-SU-2018:0953-1 Security update for pdns-recursor
This update for pdns-recursor fixes the following issues: - update to 4.1.2 - New Features - 6344: Add FFI version of gettag. - Improvements - 6298, 6303, 6268, 6290: Add the option to set the AXFR timeout for RPZs. - 6172: IXFR: correct behavior of dealing with DNS Name with multiple records and...
PowerDNS Recursor 4.1.0 DNSSEC Signature Validation Spoofing Vulnerability (CVE-2018-1000003)
According to its self-reported version number, the version of the PowerDNS Recursor listening on the remote host is version 4.1.0. It is, therefore, affected by a flaw when handling DNSSEC signature validation of NSEC or NSEC3 records. Note that Nessus has not attempted to exploit these issues bu...
FreeBSD : powerdns-recursor -- insufficient validation of DNSSEC signatures (24a82876-002e-11e8-9a95-0cc47a02c232)
PowerDNS Security Advisory reports : An issue has been found in the DNSSEC validation component of PowerDNS Recursor, allowing an ancestor delegation NSEC or NSEC3 record to be used to wrongfully prove the non-existence of a RR below the owner name of that record. This would allow an attacker in...
PowerDNS Recursor DNSSEC Signatures Vulnerability (2018-01)
Improper input validation bugs in DNSSEC validators components in PowerDNS allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...
Cross site scripting
A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content...
CVE-2017-15093
When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. I...
DEBIAN-CVE-2017-15092
A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content...