Veracode Vulnerability DatabaseVERACODE:34851Insecure Authentication
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
PowerDNS has insecure authentication. The vulnerability exists due to a lack of insufficient validation of an IXFR end condition which causes incomplete zone transfers to be handled as successful transfers.
References
www.openwall.com/lists/oss-security/2022/03/25/1
doc.powerdns.com/authoritative/security-advisories/index.html
doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html
docs.powerdns.com/recursor/security-advisories/index.html
docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html
lists.fedoraproject.org/archives/list/[email protected]/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/
lists.fedoraproject.org/archives/list/[email protected]/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/
lists.fedoraproject.org/archives/list/[email protected]/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/
lists.fedoraproject.org/archives/list/[email protected]/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/
secdb.alpinelinux.org/edge/community.yaml
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P