PowerDNS Recursor Vulnerability Allowing Bogus DNSSEC Validation
CVE-2020-25829

7.5HIGH

Key Information:

Vendor
Powerdns
Status
Recursor
Vendor
CVE Published:
16 October 2020

Summary

A vulnerability in PowerDNS Recursor allows remote attackers to exploit the DNS ANY query to modify cached records, effectively changing their DNSSEC validation status to a Bogus state. This manipulation impacts installations with DNSSEC validation enabled, leading to potential denial of service for clients expecting accurate validation. Such misinterpretation of secure states compromises the integrity of DNS resolutions, highlighting a critical flaw for affected versions.

References

https://docs.powerdns.com/recursor/security-advisories/po...
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisoryx_refsource_SUSE
https://security.gentoo.org/glsa/202012-19
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.