FreeBSD40D92CC5-1E2B-11E9-BEF6-6805CA2FA271powerdns-recursor -- multiple vulnerabilities
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
55.4%
PowerDNS Team reports:
CVE-2019-3806: An issue has been found in PowerDNS Recursor where Lua hooks are
not properly applied to queries received over TCP in some specific combination of
settings, possibly bypassing security policies enforced using Lua.
When the recursor is configured to run with more than one thread (threads=X) and to
do the distribution of incoming queries to the worker threads itself
(pdns-distributes-queries=yes), the Lua script is not properly loaded in the thread
handling incoming TCP queries, causing the Lua hooks to not be properly applied.
CVE-2019-3807: An issue has been found in PowerDNS Recursor where records in the
answer section of responses received from authoritative servers with the AA flag not
set were not properly validated, allowing an attacker to bypass DNSSEC validation.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | powerdns-recursor | <Â 4.1.9 | UNKNOWN |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
55.4%