Vulnerabilities > CVE-2012-1193 - Unspecified vulnerability in Powerdns Recursor 3.3
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN powerdns
nessus
Summary
The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201412-33.NASL description The remote host is affected by the vulnerability described in GLSA-201412-33 (PowerDNS Recursor: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PowerDNS Recursor. Please review the CVE identifiers and PowerDNS blog post referenced below for details. Impact : A remote attacker may be able to send specially crafted packets, possibly resulting in arbitrary code execution or a Denial of Service condition. Furthermore, a remote attacker may be able to spoof DNS data. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 80210 published 2014-12-23 reporter This script is Copyright (C) 2014-2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80210 title GLSA-201412-33 : PowerDNS Recursor: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201412-33. # # The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(80210); script_version("$Revision: 1.4 $"); script_cvs_date("$Date: 2017/10/02 21:12:27 $"); script_cve_id("CVE-2009-4009", "CVE-2009-4010", "CVE-2012-1193", "CVE-2014-8601"); script_bugtraq_id(37650, 37653, 59348, 71545); script_xref(name:"GLSA", value:"201412-33"); script_name(english:"GLSA-201412-33 : PowerDNS Recursor: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201412-33 (PowerDNS Recursor: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PowerDNS Recursor. Please review the CVE identifiers and PowerDNS blog post referenced below for details. Impact : A remote attacker may be able to send specially crafted packets, possibly resulting in arbitrary code execution or a Denial of Service condition. Furthermore, a remote attacker may be able to spoof DNS data. Workaround : There is no known workaround at this time." ); # https://blog.powerdns.com/2014/02/06/related-to-recent-dos-attacks-recursor-configuration-file-guidance/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e0bd75f6" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201412-33" ); script_set_attribute( attribute:"solution", value: "All PowerDNS Recursor users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-dns/pdns-recursor-3.6.1-r1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:pdns-recursor"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2017 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-dns/pdns-recursor", unaffected:make_list("ge 3.6.1-r1"), vulnerable:make_list("lt 3.6.1-r1"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PowerDNS Recursor"); }NASL family Fedora Local Security Checks NASL id FEDORA_2013-5692.NASL description - Update to 3.5 - This is a stability, security and bugfix update to 3.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-04-22 plugin id 66166 published 2013-04-22 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66166 title Fedora 19 : pdns-recursor-3.5-1.fc19 (2013-5692) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-5692. # include("compat.inc"); if (description) { script_id(66166); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-1193"); script_xref(name:"FEDORA", value:"2013-5692"); script_name(english:"Fedora 19 : pdns-recursor-3.5-1.fc19 (2013-5692)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Update to 3.5 - This is a stability, security and bugfix update to 3.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=794963" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-April/102729.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?897ac89c" ); script_set_attribute( attribute:"solution", value:"Update the affected pdns-recursor package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pdns-recursor"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19"); script_set_attribute(attribute:"patch_publication_date", value:"2013/04/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC19", reference:"pdns-recursor-3.5-1.fc19")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pdns-recursor"); }NASL family Fedora Local Security Checks NASL id FEDORA_2013-6279.NASL description - Update to 3.5 - This is a stability, security and bugfix update to 3.3 - Disarm dead code that causes gcc crashes on ARM (rhbz#954192) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-05-01 plugin id 66282 published 2013-05-01 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66282 title Fedora 18 : pdns-recursor-3.5-2.fc18 (2013-6279) NASL family Fedora Local Security Checks NASL id FEDORA_2013-6316.NASL description - Update to 3.5 - This is a stability, security and bugfix update to 3.3 - Disarm dead code that causes gcc crashes on ARM (rhbz#954192) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-05-01 plugin id 66283 published 2013-05-01 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66283 title Fedora 17 : pdns-recursor-3.5-2.fc17 (2013-6316) NASL family DNS NASL id POWERDNS_3_5_0.NASL description According to its self-reported version number, the version of the PowerDNS Recursor service listening on the remote host is 3.3.x, 3.4.x, or 3.5 RC1. It is, therefore, affected by a ghost domain names vulnerability in the resolver service due to overwriting cached name servers and TTL values in NS records when processing a response of an A record query. A remote attacker can exploit this to resume the resolving of revoked domain names. Note that Nessus has not attempted to exploit this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 69429 published 2013-07-25 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69429 title PowerDNS Recursor 3.3.x / 3.4.x / 3.5 RC1 Cache Update Policy Deleted Domain Name Resolving Weakness