Vulnerabilities > CVE-2017-15091 - Improperly Implemented Security Check for Standard vulnerability in Powerdns Authoritative

CVSS 5.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

powerdns

CWE-358

nessus

NVD

Published: 2018-01-23

Updated: 2019-10-09

Summary

An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY.

Vulnerable Configurations

Part	Description	Count
Application	Powerdns Powerdns Authoritative 3.0 Powerdns Authoritative 3.0.1 Powerdns Authoritative 3.1 Powerdns Authoritative 3.1.2 Powerdns Authoritative 3.1.4 Powerdns Authoritative 3.1.7.1 Powerdns Authoritative 3.1.7.2 Powerdns Authoritative 3.2 Powerdns Authoritative 3.3 Powerdns Authoritative 3.3.1 Powerdns Authoritative 3.3.2 Powerdns Authoritative 3.3.3 Powerdns Authoritative 3.4.0 Powerdns Authoritative 3.4.1 Powerdns Authoritative 3.4.2 Powerdns Authoritative 3.4.3 Powerdns Authoritative 3.4.4 Powerdns Authoritative 3.4.5 Powerdns Authoritative 3.4.6 Powerdns Authoritative 3.4.7 Powerdns Authoritative 3.4.8 Powerdns Authoritative 3.4.9 Powerdns Authoritative 3.4.10 Powerdns Authoritative 3.4.11 Powerdns Authoritative 4.0.0 Powerdns Authoritative 4.0.1 Powerdns Authoritative 4.0.2 Powerdns Authoritative 4.0.3 Powerdns Authoritative 4.0.4	39

Common Weakness Enumeration (CWE)

CWE-358 - Improperly Implemented Security Check for Standard

Nessus

NASL family	DNS
NASL id	POWERDNS_AUTHORITATIVE_4_0_5.NASL
description	According to its self-reported version number, the version of the PowerDNS Authoritative listening on the remote host is prior to 4.0.5. It is, therefore, affected by a vulnerability in the API where a remote authenticated attacker can perform operations that affect the server state even if the api-readonly configuration is enabled. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	106192
published	2018-01-19
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/106192
title	PowerDNS Authoritative < 4.0.5 Read Only Configuration Bypass (CVE-2017-15091)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-1340.NASL
description	This update for pdns fixes the following issues : Security issue fixed : - CVE-2017-15091: An issue has been found in the API component of PowerDNS Authoritative, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only. This missing check allows an attacker with valid API credentials could flush the cache, trigger a zone transfer or send a NOTIFY (boo#1069242).
last seen	2020-06-05
modified	2017-12-14
plugin id	105230
published	2017-12-14
reporter	This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/105230
title	openSUSE Security Update : pdns (openSUSE-2017-1340)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References