Lucene search
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.POWERDNS_RECURSOR_4_0_7.NASLHistoryJan 19, 2018 - 12:00 a.m.
PowerDNS Recursor 4.0.x < 4.0.7 Multiple Vulnerabilities
2018-01-1900:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
41.7%
According to its self-reported version number, the version of the PowerDNS Recursor listening on the remote host is version 4.0.x prior to 4.0.7. It is, therefore, affected by multiple vulnerabilities:
-
Insufficient validation of DNSSEC signatures.
(CVE-2017-15090) -
Cross-Site Scripting (XSS) in the web interface.
(CVE-2017-15092) -
Memory leak in DNSSEC parsing. (CVE-2017-15094)
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application’s self-reported version number.
Also, Nessus has not checked for the presence of the patch.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(106193);
script_version("1.6");
script_cvs_date("Date: 2019/11/08");
script_cve_id("CVE-2017-15090", "CVE-2017-15092", "CVE-2017-15094");
script_bugtraq_id(101982);
script_name(english:"PowerDNS Recursor 4.0.x < 4.0.7 Multiple Vulnerabilities");
script_summary(english:"Checks the PowerDNS Recursor version.");
script_set_attribute(attribute:"synopsis", value:
"The remote name server is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the version of the
PowerDNS Recursor listening on the remote host is version 4.0.x prior
to 4.0.7. It is, therefore, affected by multiple vulnerabilities:
- Insufficient validation of DNSSEC signatures.
(CVE-2017-15090)
- Cross-Site Scripting (XSS) in the web interface.
(CVE-2017-15092)
- Memory leak in DNSSEC parsing. (CVE-2017-15094)
Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.
Also, Nessus has not checked for the presence of the patch.");
# https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4a9029f1");
# https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bcb281e7");
# https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?119aa506");
# https://blog.powerdns.com/2017/11/27/powerdns-authoritative-server-4-0-5-and-recursor-4-0-7-released/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9ad28007");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/oss-sec/2017/q4/329");
script_set_attribute(attribute:"solution", value:
"Upgrade to PowerDNS Recursor 4.0.7 or later. Alternatively, apply the
patches referenced in the vendor advisories.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-15092");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/27");
script_set_attribute(attribute:"patch_publication_date", value:"2017/11/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/19");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:powerdns:powerdns");
script_set_attribute(attribute:"cpe", value:"cpe:/a:powerdns:recursor");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"DNS");
script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("pdns_version.nasl");
script_require_keys("pdns/version_full", "pdns/version_source", "pdns/type", "Settings/ParanoidReport");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
app_name = "PowerDNS Recursor";
version_source = get_kb_item_or_exit("pdns/version_source");
version = get_kb_item_or_exit("pdns/version_full");
port = 53;
# Only the Recursor is affected
type = get_kb_item_or_exit("pdns/type");
if (type != 'recursor') audit(AUDIT_NOT_LISTEN, app_name, port, "UDP");
if (version == "unknown") audit(AUDIT_UNKNOWN_APP_VER, app_name);
if (report_paranoia < 2) audit(AUDIT_PARANOID);
if (version =~ "^4\.0\.[0-6]([^0-9]|$)")
{
report =
'\n Version source : ' + version_source +
'\n Installed version : ' + version +
'\n Fixed version : 4.0.7' +
'\n';
security_report_v4(severity:SECURITY_WARNING, port:port, proto:"udp", extra:report, xss:TRUE);
}
else
audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version, "UDP");
References
Related
openvas
openvas
PowerDNS Recursor Multiple Vulnerabilities
2017-11-28 00:00:00
Fedora Update for pdns-recursor FEDORA-2017-1585789772
2017-12-14 00:00:00
Fedora Update for pdns-recursor FEDORA-2017-81fe39ad9f
2017-12-14 00:00:00
nessus
nessus
Fedora 27 : pdns-recursor (2017-608b6f5945)
2018-01-15 00:00:00
Fedora 26 : pdns-recursor (2017-1585789772)
2017-12-13 00:00:00
Fedora 25 : pdns-recursor (2017-81fe39ad9f)
2017-12-13 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: pdns-recursor-4.0.7-1.fc26
2017-12-12 13:46:26
[SECURITY] Fedora 27 Update: pdns-recursor-4.0.7-1.fc27
2017-12-12 11:30:15
[SECURITY] Fedora 25 Update: pdns-recursor-4.0.7-1.fc25
2017-12-12 14:40:52
redhatcve
redhatcve
CVE-2017-15090
2022-05-20 22:30:18
CVE-2017-15093
2022-05-20 23:27:39
archlinux
archlinux
[ASA-201711-31] powerdns-recursor: multiple issues
2017-11-27 00:00:00
checkpoint_advisories
checkpoint_advisories
nvd
nvd
cve
cve
ubuntucve
ubuntucve
cvelist
cvelist
debiancve
debiancve
prion
prion
Cross site scripting
2018-01-23 15:29:00
Design/Logic Flaw
2018-01-23 15:29:00
Input validation
2018-01-23 15:29:00
osv
osv
alpinelinux
alpinelinux
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
41.7%
Related for POWERDNS_RECURSOR_4_0_7.NASL