CVE-2017-15090
MEDIUMPowerDNS Recursor 4.0.0-4.0.6 - Improper Verification of Cryptographic Signature in DNSSEC Validation
Title source: llmDescription
An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101982
Scores
CVSS v3
5.9
EPSS
0.0062
EPSS Percentile
45.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-347
Status
published
Products (1)
powerdns/recursor
4.0.0 - 4.0.6
Published
Jan 23, 2018
Tracked Since
Feb 18, 2026