ESB-2018.0251 - [UNIX/Linux][FreeBSD] PowerDNS Recursor: Provide misleading information - Remote/unauthenticated 2018-01-24

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0251
         A vulnerability has been identified in PowerDNS Recursor
                              24 January 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           PowerDNS Recursor
Publisher:         FreeBSD
Operating System:  FreeBSD
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Provide Misleading Information -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-1000003  

Original Bulletin: 
   http://www.vuxml.org/freebsd/24a82876-002e-11e8-9a95-0cc47a02c232.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than FreeBSD. It is recommended that administrators
         running PowerDNS Recursor check for an updated version of the 
         software for their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

powerdns-recursor -- insufficient validation of DNSSEC signatures

Affected packages

powerdns-recursor < 4.1.1

Details

VuXML ID 24a82876-002e-11e8-9a95-0cc47a02c232

Discovery 2018-01-22

Entry 2018-01-23

PowerDNS Security Advisory reports:

An issue has been found in the DNSSEC validation component of PowerDNS 
Recursor, allowing an ancestor delegation NSEC or NSEC3 record to be used to 
wrongfully prove the non-existence of a RR below the owner name of that 
record. This would allow an attacker in position of man-in-the-middle to send
a NXDOMAIN answer for a name that does exist.

[source]

References

CVE Name CVE-2018-1000003

URL 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-01.html

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWmgKw4x+lLeg9Ub1AQivHRAAhuXOqFBd2WOan4IqA99Ga5oXWGLaGZyN
ILFrJuDkLEMV1h0xSTuljHz1FDL5yWigeyk7q/Vq/ykydlEsJaIH0/wZRdMgesSO
0sQXcHZ8KdNjLeKFBkTG4ovpm1XJ7LXRlJsTGuE8x8ABbbUyG4C+q97/mcKF2s/5
QL16zUueJSU888NIiOnLEUvSaGqLWknwQtqVPibWSmA7RTfAXSdQJQ2Z4imQIQ4D
iI2Aa3UJ1N7RYq+O7XPpLmTwz7OvInhbTbs/sYzA0Pnb7T1vcxvyzFwlGzHnb+TX
AdS4zqOuCMnTP6hKHZmNK9hwz/ShLVeNKOacnTrm8hk+Mmpwf+kwVu7/CNxn9wJP
K0ernyrhw9ARjlC2lsF8xjeDmAveDwKukzUG4bAEdm+BHFHAAyqN1DmU1N8ch/TQ
5qtYRKPlnl7UcGPk1C8+NRmb+KEreMe6eoudpAJPqdn+FYloyILZbb9ZRzZt64UQ
ay+ubQy9HX6uwRyHk1Ooh5gzgD9cNswb66rt3C3fjaPhiXbwdcqOJCf4Oieu1gFE
oyoJqloe1h+E6jMK7X85lnjRJPbt1V/uETDInSnaczmyuOBRZDIPgTd7VeInwHOl
Fk0XInbFkdXE/gB2ry1Eo8Ph41L3GPLprerbnVDMAsAh0xPLfIJJTb0OyfL9RGSc
iixIhKODaaI=
=twgA
-----END PGP SIGNATURE-----

« Back to bulletins