pdns-recursor is vulnerable to privilege escalation. The vulnerability exists as pdns-recursor does not properly restrict ACL access to the internal web server.
CPE | Name | Operator | Version |
---|---|---|---|
pdns-recursor:3.12 | eq | 4.3.1-r0 | |
pdns-recursor:edge | eq | 4.2.1-r0 | |
pdns-recursor:edge | eq | 4.3.1-r0 |
lists.opensuse.org/opensuse-security-announce/2020-07/msg00043.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00042.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00044.html
lists.opensuse.org/opensuse-security-announce/2020-10/msg00036.html
doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-04.html
lists.fedoraproject.org/archives/list/[email protected]/message/7TUNCUZNASYSTVD35QGFAI6XO2BFMQ2F/
www.openwall.com/lists/oss-security/2020/07/01/1