[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] PowerDNS Recursor Security Advisory 2024-02: if recursive forwarding is configured, c
From:       Peter van Dijk <peter.van.dijk () powerdns ! com>
Date:       2024-04-24 10:37:56
Message-ID: 6fc5f0dc8f6d868e9dcf4fc2d3bc535ef8907c3c.camel () powerdns ! com
[Download RAW message or body]


Dear user,

Please find below a security advisory, relating to PowerDNS Recursor
4.8.7, 4.9.4 and 5.0.3 only.

When using recursive forwarding, a crafted response from an upstream
server can cause a Denial of Service in the Recursor.

=========================================================================
PowerDNS Security Advisory 2024-02: if recursive forwarding is
configured, crafted responses can lead to a denial of service in Recursor

    CVE: CVE-2024-25583
    Date: 24th of April 2024.
    Affects: PowerDNS Recursor 4.8.7, 4.9.4 and 5.0.3, earlier versions
are not affected
    Not affected: PowerDNS Recursor 4.8.8, 4.9.5 and 5.0.4
    Severity: High (only when using recursive forwarding)
    Impact: Denial of service
    Exploit: This problem can be triggered by an attacker publishing a crafted zone
    Risk of system compromise: None
    Solution: Upgrade to patched version

When using recursive forwarding, a crafted response from an upstream
server can cause a Denial of Service in the Recursor. The default
configuration of the Recursor does not use recursive forwarding and is
not affected.

CVSS Score: 7.5, only for configurations using recursive forwarding, see
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1

The remedy is to update to a patched version.



["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]