logo
DATABASE RESOURCES PRICING ABOUT US

PowerDNS Security Advisory 2010-02: PowerDNS Recursor up to and including 3.1.7.1 can be spoofed into accepting bogus data

Description

PowerDNS Security Advisory 2010-02: PowerDNS Recursor up to and including 3.1.7.1 can be spoofed into accepting bogus data Table 1-7. PowerDNS Security Advisory CVE CVE-2009-4010 Date 6th of January 2010 Affects PowerDNS Recursor 3.1.7.1 and earlier Not affected No versions of the PowerDNS Authoritative ('pdns_server') are affected. Severity High Impact Using smart techniques, it is possible to fool the PowerDNS Recursor into accepting unauthorized data Exploit Withheld Solution Upgrade to PowerDNS Recursor 3.1.7.2 or higher Workaround None. Using specially crafted zones, it is possible to fool the PowerDNS Recursor into accepting bogus data. This data might be harmful to your users. An attacker would be able to divert data from, say, bigbank.com to an IP address of his choosing. This vulnerability was discovered by a third party that (for now) prefers not to be named. PowerDNS is very grateful however for their help in improving PowerDNS security.


Related