Multiple vulnerabilities in PowerDNS Recursor and Authoritative



Published: 2017-11-29
Risk Medium
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2017-15090
CVE-2017-15091
CVE-2017-15092
CVE-2017-15093
CVE-2017-15094
CWE-ID CWE-300
CWE-284
CWE-79
CWE-401
Exploitation vector Network
Public exploit N/A
Vulnerable software
PowerDNS Recursor
Server applications / DNS servers

PowerDNS Authoritative
Server applications / DNS servers

Vendor PowerDNS.COM B.V.

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Man-in-the-middle attack

EUVDB-ID: #VU9437

Risk: Low

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15090

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct a man-in-the-middle attack.

The weakness exists because the DNSSEC validation component of PowerDNS Recursor could accept a signature as valid even when the signed data was not within the bailiwick of the DNSKEY used to sign it. An attacker positioned as a man-in-the-middle can craft records, sign them with a DNSKEY under their own control, and have the altered content accepted as validated. Only Recursor instances with DNSSEC validation enabled are affected.

Mitigation

Update PowerDNS Recursor to version 4.0.7.

Vulnerable software versions

PowerDNS Recursor: 4.0.0 - 4.0.6

External links

http://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to be in a man-in-the-middle position between the Recursor and the authoritative servers it queries, and inject crafted records carrying a signature from a key they control into the responses.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
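
The following is an added illustration of the bailiwick rule that this advisory concerns; it is not PowerDNS code. A validator must refuse an RRSIG whose signer name is not the owner name of the signed RRset or one of its ancestors, otherwise a key from an unrelated zone can vouch for the data. The RRSig record type, the `crypto_ok` flag standing in for the actual signature verification, and the two sample records are constructed for the example.

```python
"""Added illustration of the bailiwick check relevant to CVE-2017-15090.
Not PowerDNS code: a stand-alone sketch of the structural checks a DNSSEC
validator must make before it trusts an RRSIG (RFC 4035 section 5.3.1).
"""
from __future__ import annotations
from dataclasses import dataclass


def labels(name: str) -> list:
    """Split a presentation-format name into lowercase labels, root omitted.
    'www.Example.org.' -> ['www', 'example', 'org']; '.' -> []."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []


def in_bailiwick(owner: str, signer: str) -> bool:
    """True when `signer` is `owner` itself or an ancestor of it.
    Compared label by label, so 'example.org.' is NOT an ancestor of
    'notexample.org.' even though it is a string suffix of it."""
    o, s = labels(owner), labels(signer)
    if len(s) > len(o):
        return False
    return s == o[len(o) - len(s):]


@dataclass
class RRSig:                # constructed model of the RRSIG fields used here
    owner: str              # owner name of the RRset the signature covers
    type_covered: str
    signer: str             # zone whose DNSKEY produced the signature
    labels_field: int       # RRSIG 'labels' field (RFC 4034 section 3.1.3)


def accept_signature(sig: RRSig, crypto_ok: bool) -> bool:
    """Combine the cryptographic result (`crypto_ok`, assumed to come from
    the real signature check) with the structural checks. The full RFC rule
    is that the signer must be the zone that contains the RRset; the
    ancestor-or-equal test below is the necessary part of that rule and is
    the condition CVE-2017-15090 failed to enforce."""
    if not crypto_ok:
        return False
    if not in_bailiwick(sig.owner, sig.signer):
        return False
    # Wildcard sanity check: the labels field may not exceed the owner name.
    if sig.labels_field > len(labels(sig.owner)):
        return False
    return True


# Constructed records (not from the advisory): a legitimate signature by
# example.org over www.example.org, and a rogue one where attacker.test's
# key claims to sign data that belongs to example.org.
LEGIT = RRSig("www.example.org.", "A", "example.org.", 3)
ROGUE = RRSig("www.example.org.", "A", "attacker.test.", 3)

if __name__ == "__main__":
    print(accept_signature(LEGIT, crypto_ok=True))   # True
    print(accept_signature(ROGUE, crypto_ok=True))   # False
```

The rogue record would pass a purely cryptographic check if the attacker's key were trusted for attacker.test; it is the bailiwick test, not the signature math, that rejects it.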

2) Improper access control

EUVDB-ID: #VU9438

Risk: Low

CVSSv3.1: 3.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15091

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to change the state of the target server through an API that was configured as read-only.

The weakness exists due to a missing check in the API component of PowerDNS Authoritative: some operations that affect the server's state were still allowed even though the API had been configured as read-only via the api-readonly keyword. A remote attacker with valid API credentials can flush the cache, trigger a zone transfer or send a NOTIFY despite the read-only setting.

Mitigation

Update PowerDNS Authoritative to version 4.0.5.

Vulnerable software versions

PowerDNS Authoritative: 3.4.11 - 4.0.4

External links

http://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited via the Internet by a remote attacker holding valid API credentials.

How can the attacker exploit this vulnerability?

The attacker would have to send a state-changing request (cache flush, zone retrieval or NOTIFY) with a valid API key to an API that has been configured as read-only.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
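
The following is an added verification script, not PowerDNS code, for operators who rely on api-readonly=yes. It sends the three state-changing calls the advisory names and reports any that the server accepts; on a patched server every one of them should be refused with a 4xx status. The endpoint paths follow the documented PowerDNS Authoritative 4.x HTTP API; the server URL, API key and zone name are placeholders, and the two fake transports are constructed so the script can be exercised without a live server.

```python
"""Added check for the api-readonly bypass (CVE-2017-15091). Not PowerDNS
code. Reports which mutating API calls a read-only API still accepts."""
from __future__ import annotations
import urllib.error
import urllib.request
from typing import Callable

# Placeholders (assumptions, not values from the advisory).
SERVER = "http://127.0.0.1:8081"
API_KEY = "changeme"
ZONE = "example.org."

# (label, method, path) for the operations api-readonly is meant to block.
MUTATING_CALLS = [
    ("cache flush", "PUT", f"/api/v1/servers/localhost/cache/flush?domain={ZONE}"),
    ("NOTIFY", "PUT", f"/api/v1/servers/localhost/zones/{ZONE}/notify"),
    ("AXFR retrieve", "PUT", f"/api/v1/servers/localhost/zones/{ZONE}/axfr-retrieve"),
]

# A transport performs (method, url, api_key) and returns the HTTP status.
Transport = Callable[[str, str, str], int]


def urllib_transport(method: str, url: str, api_key: str) -> int:
    """Real transport: performs the request against a live server."""
    req = urllib.request.Request(url, method=method, headers={"X-API-Key": api_key})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def readonly_bypass(transport: Transport = urllib_transport,
                    server: str = SERVER, api_key: str = API_KEY) -> list:
    """Return the labels of mutating operations the server accepted (2xx).
    An empty list means every call was refused, i.e. no bypass observed."""
    accepted = []
    for label, method, path in MUTATING_CALLS:
        status = transport(method, server + path, api_key)
        if 200 <= status < 300:
            accepted.append(label)
    return accepted


def fake_transport_unpatched(method: str, url: str, api_key: str) -> int:
    """Constructed stand-in for a vulnerable server: the read-only flag is
    ignored, so every authenticated PUT succeeds."""
    return 200 if api_key == API_KEY else 401


def fake_transport_patched(method: str, url: str, api_key: str) -> int:
    """Constructed stand-in for a fixed server: mutating calls are refused
    while the API is read-only."""
    return 405 if api_key == API_KEY else 401


if __name__ == "__main__":
    print(readonly_bypass(fake_transport_unpatched))  # all three labels
    print(readonly_bypass(fake_transport_patched))    # []
```

Run it with the default transport against a staging instance only: the cache flush, NOTIFY and AXFR retrieval are real operations and will take effect on an unpatched server.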

3) Cross-site scripting

EUVDB-ID: #VU9439

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15092

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks against users of the Recursor web interface.

The vulnerability exists because the web interface of PowerDNS Recursor displayed the qname of DNS queries without any escaping. A remote attacker can send queries with a specially crafted qname, injecting HTML and script code that executes in the browser of anyone viewing the web interface, in the context of that interface. No interaction with a crafted link is needed; viewing the interface after the queries arrive is enough.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Update PowerDNS Recursor to version 4.0.7.

Vulnerable software versions

PowerDNS Recursor: 4.0.0 - 4.0.6

External links

http://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send DNS queries with a specially crafted qname to the affected Recursor and wait for a user to view its web interface.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
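
The following is an added illustration, not the Recursor's web interface code. It contrasts interpolating a query name straight into HTML with escaping it first, and adds a small hunt over query-log lines for names carrying HTML metacharacters, which is a cheap way to look for attempts against an unpatched interface. The qnames and log lines are constructed, and the log layout is assumed rather than the Recursor's actual format.

```python
"""Added illustration for the unescaped-qname issue (CVE-2017-15092).
Not PowerDNS code: vulnerable vs. escaped rendering, plus a log hunt."""
from __future__ import annotations
import html
import re

# Constructed qnames: one ordinary, one carrying an injected script tag.
# DNS labels are arbitrary octets, so '<', '>' and quotes are all legal.
QNAMES = [
    "www.example.org.",
    "<script>alert(document.cookie)</script>.example.org.",
]


def render_rows_vulnerable(qnames: list) -> str:
    """Builds table rows the way the advisory describes: no escaping."""
    return "".join(f"<tr><td>{q}</td></tr>" for q in qnames)


def render_rows_fixed(qnames: list) -> str:
    """Same rows with the qname HTML-escaped. quote=True also escapes
    quotes, so the value is safe inside attributes, not only element text."""
    return "".join(f"<tr><td>{html.escape(q, quote=True)}</td></tr>" for q in qnames)


HTML_META = re.compile(r"[<>\"'&]")

# Constructed log lines (layout assumed): "<client> <qname> <qtype>".
QUERY_LOG = """\
192.0.2.10 www.example.org. A
192.0.2.77 <script>alert(1)</script>.example.org. A
192.0.2.10 mail.example.org. MX
198.51.100.5 x"onmouseover="alert(1).example.org. TXT
"""


def suspicious_qnames(log: str) -> list:
    """Return (client, qname) pairs whose qname contains HTML metacharacters.
    Legitimate names practically never do, so hits are worth a look."""
    hits = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        client, qname = parts[0], parts[1]
        if HTML_META.search(qname):
            hits.append((client, qname))
    return hits


if __name__ == "__main__":
    print(render_rows_vulnerable(QNAMES))
    print(render_rows_fixed(QNAMES))
    print(suspicious_qnames(QUERY_LOG))
```

Escaping at the point of output is the fix; filtering queries on the DNS side is not, because a resolver must accept any syntactically valid name.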

4) Configuration file injection

EUVDB-ID: #VU9440

Risk: Low

CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15093

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to inject configuration directives into the Recursor's configuration.

The vulnerability exists in the API component of PowerDNS Recursor and was found during a source code audit by Nixu. When api-config-dir is set to a non-empty value (not the default), the API allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. The new netmask and the IP addresses of forwarded zones were not validated, so an authenticated user can inject new configuration directives into the Recursor's configuration.

Mitigation

Update PowerDNS Recursor to version 4.0.7.

Vulnerable software versions

PowerDNS Recursor: 3.7.4 - 4.0.6

External links

http://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to hold valid API credentials and submit a crafted netmask or forward-zone address through the API of a Recursor running with a non-empty api-config-dir.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
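
The following is an added illustration, not PowerDNS code, of the pattern this advisory describes: an API handler that appends user-supplied netmasks and forwarder addresses to a configuration file, first unchecked and then with each value parsed before it is written. The directive names, file layout, helper names and the attacker input are assumptions for the illustration, not the Recursor's real files or API.

```python
"""Added illustration of unvalidated-value injection (CVE-2017-15093).
Not PowerDNS code: contrasts verbatim appends with parsed, canonical
values so that a newline inside a field cannot smuggle in a directive."""
from __future__ import annotations
import ipaddress


def write_acl_vulnerable(existing: str, netmask: str) -> str:
    """Appends the netmask verbatim (directive name assumed). A value that
    contains a newline adds any further directive the attacker likes."""
    return existing + f"allow-from+={netmask}\n"


def parse_netmask(value: str) -> str:
    """Return the canonical text of a netmask or raise ValueError. The
    ipaddress module rejects whitespace, newlines and any trailing junk,
    so only a genuine IPv4/IPv6 prefix ever reaches the config file."""
    return str(ipaddress.ip_network(value, strict=False))


def parse_forward_address(value: str) -> str:
    """Return 'ip', 'v4:port' or '[v6]:port' for a forwarder, or raise
    ValueError. Accepts a bare address, 'v4:port' or '[v6]:port'."""
    if value.startswith("["):
        host, sep, port = value[1:].partition("]:")
        if not sep:
            raise ValueError(f"bad IPv6 forwarder {value!r}")
    elif value.count(":") == 1:
        host, _, port = value.partition(":")
    else:
        host, port = value, ""
    ip = ipaddress.ip_address(host)
    if port == "":
        return str(ip)
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad port in {value!r}")
    return f"[{ip}]:{port}" if ip.version == 6 else f"{ip}:{port}"


def write_acl_fixed(existing: str, netmask: str) -> str:
    """Same append, but only the parsed canonical value is written."""
    return existing + f"allow-from+={parse_netmask(netmask)}\n"


def write_forward_fixed(existing: str, zone: str, address: str) -> str:
    """Forward-zone append (directive layout assumed). The zone name gets a
    minimal structural check; the address must parse."""
    if not zone or any(ch.isspace() for ch in zone):
        raise ValueError(f"bad zone name {zone!r}")
    return existing + f"forward-zones+={zone}={parse_forward_address(address)}\n"


def rejects(fn, *args) -> bool:
    """True when the writer refuses the input with ValueError."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


# Constructed attacker input: a valid-looking netmask followed by a newline
# and a directive the attacker wants the Recursor to pick up on reload.
INJECTED = "192.0.2.0/24\nlocal-address=0.0.0.0"

if __name__ == "__main__":
    print(write_acl_vulnerable("", INJECTED))         # two directives written
    print(rejects(write_acl_fixed, "", INJECTED))     # True
    print(write_forward_fixed("", "corp.example.", "[2001:db8::1]:5300"))
```

Canonicalising through a parser, rather than blacklisting newline characters, is the robust form of the fix: it also removes comment markers, separators and encoding tricks the file format might honour.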

5) Memory leak

EUVDB-ID: #VU9441

Risk: Medium

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15094

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to a flaw in the DNSSEC parsing code of PowerDNS Recursor, found during a code audit by Nixu: parsing specially crafted DNSSEC ECDSA keys leaks memory. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (the default). A remote attacker who can get the Recursor to process such keys repeatedly can exhaust its memory and cause the service to fail.

Mitigation

Update PowerDNS Recursor to version 4.0.7.

Vulnerable software versions

PowerDNS Recursor: 4.0.0 - 4.0.6

External links

http://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to serve specially crafted DNSSEC ECDSA keys to a Recursor that is configured to validate them.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
