Linux Security

    ArchLinux: 202010-6: powerdns-recursor: denial of service

    Date 21 Oct 2020
    Posted By LinuxSecurity Advisories
    The package powerdns-recursor before version 4.3.5-1 is vulnerable to denial of service.
    Arch Linux Security Advisory ASA-202010-6
    =========================================
    
    Severity: High
    Date    : 2020-10-18
    CVE-ID  : CVE-2020-25829
    Package : powerdns-recursor
    Type    : denial of service
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1243
    
    Summary
    =======
    
    The package powerdns-recursor before version 4.3.5-1 is vulnerable to
    denial of service.
    
    Resolution
    ==========
    
    Upgrade to 4.3.5-1.
    
    # pacman -Syu "powerdns-recursor>=4.3.5-1"
    
    The problem has been fixed upstream in version 4.3.5.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    An issue has been found in PowerDNS Recursor before 4.3.5 where a
    remote attacker can cause the cached records for a given name to be
    updated to the ‘Bogus’ DNSSEC validation state, instead of their actual
    DNSSEC ‘Secure’ state, via a DNS ANY query. This results in a denial of
    service for installations that always validate (dnssec=validate) and
    for clients requesting validation when on-demand validation is enabled
    (dnssec=process).
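
An added example, not part of the advisory or of PowerDNS: a shell check that combines the fixed package version from the Resolution section with the two affected `dnssec=` modes named above. The function names, the sample config and the rule that the last `dnssec=` line applies are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): exposure check for CVE-2020-25829.
# Function names and the sample config are constructed for illustration.

FIXED_VERSION="4.3.5-1"   # first fixed Arch package version, per the advisory

# True when version $1 sorts strictly before $2. Uses sort -V so it runs
# anywhere; on Arch, pacman's vercmp is the authoritative comparison.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print the dnssec= value set in config file $1, or "unset" if absent.
# Assumption: when the key appears more than once, the last one applies.
dnssec_mode() {
    mode=$(sed -n 's/^[[:space:]]*dnssec[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1)
    printf '%s\n' "${mode:-unset}"
}

# $1 = installed package version, $2 = path to recursor.conf
assess() {
    if ! version_lt "$1" "$FIXED_VERSION"; then
        echo "patched"
        return 0
    fi
    case "$(dnssec_mode "$2")" in
        validate) echo "affected-all-clients" ;;         # always validates
        process)  echo "affected-validating-clients" ;;  # on-demand validation
        *)        echo "vulnerable-version-mode-not-listed" ;;
    esac
}

# Constructed sample config; on a real host pass the actual recursor.conf
# and the version printed by: pacman -Q powerdns-recursor
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
# dnssec=off
local-address=127.0.0.1
dnssec=validate   # validate every answer
EOF

assess "4.3.4-1" "$sample_conf"
assess "4.3.5-1" "$sample_conf"
rm -f "$sample_conf"
```

A result of `vulnerable-version-mode-not-listed` means the package still predates the fix but the configured mode is not one of the two the advisory names; the upgrade applies either way.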
    
    Impact
    ======
    
    A remote attacker can deny DNSSEC validation by updating the state of
    cached entries.
    
    References
    ==========
    
    https://www.openwall.com/lists/oss-security/2020/10/13/3
    https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html
    https://downloads.powerdns.com/patches/2020-07/any-cache-update-4.3.4.diff
    https://github.com/PowerDNS/pdns/commit/ae33c53e68a32189e0a2fd3df24821d3edce4503
    https://security.archlinux.org/CVE-2020-25829
    
