Vulnerabilities > CVE-2018-14626 - Unspecified vulnerability in Powerdns Authoritative and Recursor
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.
Vulnerable Configurations
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2018-2FF7CDBB7B.NASL description - Update to 4.1.5 Release notes: https://blog.powerdns.com/2018/11/06/powerdns-authoritative-server-4-0 -6-4-1-5-and-recursor-4-0-9-4-1-5-released/ PowerDNS Security Advisory 2018-03 (https://doc.powerdns.com/authoritative/security-advisories/powerdns-a dvisory-2018-03.html) (CVE-2018-10851) PowerDNS Security Advisory 2018-05 (https://doc.powerdns.com/authoritative/security-advisories/powerdns-a dvisory-2018-05.html) (CVE-2018-14626) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120329 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120329 title Fedora 28 : pdns (2018-2ff7cdbb7b) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-2ff7cdbb7b. # include("compat.inc"); if (description) { script_id(120329); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-10851", "CVE-2018-14626"); script_xref(name:"FEDORA", value:"2018-2ff7cdbb7b"); script_name(english:"Fedora 28 : pdns (2018-2ff7cdbb7b)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Update to 4.1.5 Release notes: https://blog.powerdns.com/2018/11/06/powerdns-authoritative-server-4-0 -6-4-1-5-and-recursor-4-0-9-4-1-5-released/ PowerDNS Security Advisory 2018-03 (https://doc.powerdns.com/authoritative/security-advisories/powerdns-a dvisory-2018-03.html) (CVE-2018-10851) PowerDNS Security Advisory 2018-05 (https://doc.powerdns.com/authoritative/security-advisories/powerdns-a dvisory-2018-05.html) (CVE-2018-14626) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-2ff7cdbb7b" ); # https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?56fddf39" ); # https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?156cee5a" ); script_set_attribute(attribute:"solution", value:"Update the affected pdns package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pdns"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/29"); script_set_attribute(attribute:"patch_publication_date", value:"2018/11/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"pdns-4.1.5-1.fc28")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pdns"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2018-C341B70641.NASL description Fixes CVE-2018-16855 (Crafted query can cause a denial of service) ---- New upstream release with security fixes for CVE-2018-10851, CVE-2018-14626 and CVE-2018-14644 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120764 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120764 title Fedora 28 : pdns-recursor (2018-c341b70641) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-c341b70641. # include("compat.inc"); if (description) { script_id(120764); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-10851", "CVE-2018-14626", "CVE-2018-14644", "CVE-2018-16855"); script_xref(name:"FEDORA", value:"2018-c341b70641"); script_name(english:"Fedora 28 : pdns-recursor (2018-c341b70641)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fixes CVE-2018-16855 (Crafted query can cause a denial of service) ---- New upstream release with security fixes for CVE-2018-10851, CVE-2018-14626 and CVE-2018-14644 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-c341b70641" ); script_set_attribute( attribute:"solution", value:"Update the affected pdns-recursor package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pdns-recursor"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/09"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"pdns-recursor-4.1.8-1.fc28")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pdns-recursor"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2018-5A1E2759AA.NASL description - Update to 4.1.5 Release notes: https://blog.powerdns.com/2018/11/06/powerdns-authoritative-server-4-0 -6-4-1-5-and-recursor-4-0-9-4-1-5-released/ PowerDNS Security Advisory 2018-03 (https://doc.powerdns.com/authoritative/security-advisories/powerdns-a dvisory-2018-03.html) (CVE-2018-10851) PowerDNS Security Advisory 2018-05 (https://doc.powerdns.com/authoritative/security-advisories/powerdns-a dvisory-2018-05.html) (CVE-2018-14626) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-11-16 plugin id 119007 published 2018-11-16 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119007 title Fedora 27 : pdns (2018-5a1e2759aa) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-5a1e2759aa. # include("compat.inc"); if (description) { script_id(119007); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-10851", "CVE-2018-14626"); script_xref(name:"FEDORA", value:"2018-5a1e2759aa"); script_name(english:"Fedora 27 : pdns (2018-5a1e2759aa)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Update to 4.1.5 Release notes: https://blog.powerdns.com/2018/11/06/powerdns-authoritative-server-4-0 -6-4-1-5-and-recursor-4-0-9-4-1-5-released/ PowerDNS Security Advisory 2018-03 (https://doc.powerdns.com/authoritative/security-advisories/powerdns-a dvisory-2018-03.html) (CVE-2018-10851) PowerDNS Security Advisory 2018-05 (https://doc.powerdns.com/authoritative/security-advisories/powerdns-a dvisory-2018-05.html) (CVE-2018-14626) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-5a1e2759aa" ); # https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?56fddf39" ); # https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?156cee5a" ); script_set_attribute(attribute:"solution", value:"Update the affected pdns package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pdns"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/29"); script_set_attribute(attribute:"patch_publication_date", value:"2018/11/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC27", reference:"pdns-4.1.5-1.fc27")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pdns"); }
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_0AEE2F13EC1D11E88C926805CA2FA271.NASL description PowerDNS Team reports : CVE-2018-10851: An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause a memory leak by inserting a specially crafted record in a zone under their control, then sending a DNS query for that record. The issue is due to the fact that some memory is allocated before the parsing and is not always properly released if the record is malformed. When the PowerDNS Authoritative Server is run inside the guardian (--guardian), or inside a supervisor like supervisord or systemd, an out-of-memory crash will lead to an automatic restart, limiting the impact to a somewhat degraded service. CVE-2018-14626: An issue has been found in PowerDNS Authoritative Server allowing a remote user to craft a DNS query that will cause an answer without DNSSEC records to be inserted into the packet cache and be returned to clients asking for DNSSEC records, thus hiding the presence of DNSSEC signatures for a specific qname and qtype. For a DNSSEC-signed domain, this means that DNSSEC validating clients will consider the answer to be bogus until it expires from the packet cache, leading to a denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 119056 published 2018-11-21 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119056 title FreeBSD : powerdns -- Multiple vulnerabilities (0aee2f13-ec1d-11e8-8c92-6805ca2fa271) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(119056); script_version("1.2"); script_cvs_date("Date: 2018/12/24 10:14:27"); script_cve_id("CVE-2018-10851", "CVE-2018-14626"); script_name(english:"FreeBSD : powerdns -- Multiple vulnerabilities (0aee2f13-ec1d-11e8-8c92-6805ca2fa271)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "PowerDNS Team reports : CVE-2018-10851: An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause a memory leak by inserting a specially crafted record in a zone under their control, then sending a DNS query for that record. The issue is due to the fact that some memory is allocated before the parsing and is not always properly released if the record is malformed. When the PowerDNS Authoritative Server is run inside the guardian (--guardian), or inside a supervisor like supervisord or systemd, an out-of-memory crash will lead to an automatic restart, limiting the impact to a somewhat degraded service. CVE-2018-14626: An issue has been found in PowerDNS Authoritative Server allowing a remote user to craft a DNS query that will cause an answer without DNSSEC records to be inserted into the packet cache and be returned to clients asking for DNSSEC records, thus hiding the presence of DNSSEC signatures for a specific qname and qtype. For a DNSSEC-signed domain, this means that DNSSEC validating clients will consider the answer to be bogus until it expires from the packet cache, leading to a denial of service." ); script_set_attribute( attribute:"see_also", value:"https://doc.powerdns.com/authoritative/changelog/4.1.html" ); # https://vuxml.freebsd.org/freebsd/0aee2f13-ec1d-11e8-8c92-6805ca2fa271.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?848f599a" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:powerdns"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/06"); script_set_attribute(attribute:"patch_publication_date", value:"2018/11/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"powerdns<4.1.5")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1565.NASL description This update for pdns-recursor fixes the following issues : Security issues fixed : - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer (bsc#1114157). - CVE-2018-14644: Fixed denial of service via crafted query for meta-types (bsc#1114170). - CVE-2018-14626: Fixed packet cache pollution via crafted query (bsc#1114169). - CVE-2018-16855: Fixed case where a crafted query could cause a denial of service (bsc#1116592) last seen 2020-06-05 modified 2018-12-18 plugin id 119738 published 2018-12-18 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119738 title openSUSE Security Update : pdns-recursor (openSUSE-2018-1565) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2018-1565. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(119738); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-10851", "CVE-2018-14626", "CVE-2018-14644", "CVE-2018-16855"); script_name(english:"openSUSE Security Update : pdns-recursor (openSUSE-2018-1565)"); script_summary(english:"Check for the openSUSE-2018-1565 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for pdns-recursor fixes the following issues : Security issues fixed : - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer (bsc#1114157). - CVE-2018-14644: Fixed denial of service via crafted query for meta-types (bsc#1114170). - CVE-2018-14626: Fixed packet cache pollution via crafted query (bsc#1114169). - CVE-2018-16855: Fixed case where a crafted query could cause a denial of service (bsc#1116592)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114157" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114169" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114170" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1116592" ); script_set_attribute( attribute:"solution", value:"Update the affected pdns-recursor packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pdns-recursor"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pdns-recursor-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pdns-recursor-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"pdns-recursor-4.1.2-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"pdns-recursor-debuginfo-4.1.2-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"pdns-recursor-debugsource-4.1.2-lp150.2.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pdns-recursor / pdns-recursor-debuginfo / pdns-recursor-debugsource"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1564.NASL description This update for pdns-recursor fixes the following issues : Security issues fixed : - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer (bsc#1114157). - CVE-2018-14644: Fixed denial of service via crafted query for meta-types (bsc#1114170). - CVE-2018-14626: Fixed packet cache pollution via crafted query (bsc#1114169). last seen 2020-06-05 modified 2018-12-18 plugin id 119737 published 2018-12-18 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119737 title openSUSE Security Update : pdns-recursor (openSUSE-2018-1564) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2018-1564. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(119737); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-10851", "CVE-2018-14626", "CVE-2018-14644"); script_name(english:"openSUSE Security Update : pdns-recursor (openSUSE-2018-1564)"); script_summary(english:"Check for the openSUSE-2018-1564 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for pdns-recursor fixes the following issues : Security issues fixed : - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer (bsc#1114157). - CVE-2018-14644: Fixed denial of service via crafted query for meta-types (bsc#1114170). - CVE-2018-14626: Fixed packet cache pollution via crafted query (bsc#1114169)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114157" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114169" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114170" ); script_set_attribute( attribute:"solution", value:"Update the affected pdns-recursor packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pdns-recursor"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pdns-recursor-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pdns-recursor-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/09"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.3", reference:"pdns-recursor-4.0.5-9.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"pdns-recursor-debuginfo-4.0.5-9.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"pdns-recursor-debugsource-4.0.5-9.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pdns-recursor / pdns-recursor-debuginfo / pdns-recursor-debugsource"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-989.NASL description This update for pdns fixes the following issues : Security issues fixed : - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer (bsc#1114157). - CVE-2018-14626: Fixed packet cache pollution via crafted query (bsc#1114169). last seen 2020-06-01 modified 2020-06-02 plugin id 123406 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123406 title openSUSE Security Update : pdns (openSUSE-2019-989) NASL family Fedora Local Security Checks NASL id FEDORA_2018-E14840A7F5.NASL description Fixes CVE-2018-16855 (Crafted query can cause a denial of service) ---- New upstream release with security fixes for CVE-2018-10851, CVE-2018-14626 and CVE-2018-14644 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120858 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120858 title Fedora 29 : pdns-recursor (2018-e14840a7f5) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-988.NASL description This update for pdns-recursor fixes the following issues : Security issues fixed : - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer (bsc#1114157). - CVE-2018-14644: Fixed denial of service via crafted query for meta-types (bsc#1114170). - CVE-2018-14626: Fixed packet cache pollution via crafted query (bsc#1114169). - CVE-2018-16855: Fixed case where a crafted query could cause a denial of service (bsc#1116592) last seen 2020-06-01 modified 2020-06-02 plugin id 123405 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123405 title openSUSE Security Update : pdns-recursor (openSUSE-2019-988) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_E9AA0E4CEA8B11E8A5B700E04C1EA73D.NASL description powerdns Team reports : CVE-2018-10851: An issue has been found in PowerDNS Recursor allowing a malicious authoritative server to cause a memory leak by sending specially crafted records. The issue is due to the fact that some memory is allocated before the parsing and is not always properly released if the record is malformed. When the PowerDNS Recursor is run inside a supervisor like supervisord or systemd, an out-of-memory crash will lead to an automatic restart, limiting the impact to a somewhat degraded service. CVE-2018-14626: An issue has been found in PowerDNS Recursor allowing a remote user to craft a DNS query that will cause an answer without DNSSEC records to be inserted into the packet cache and be returned to clients asking for DNSSEC records, thus hiding the presence of DNSSEC signatures for a specific qname and qtype. For a DNSSEC-signed domain, this means that clients performing DNSSEC validation by themselves might consider the answer to be bogus until it expires from the packet cache, leading to a denial of service. CVE-2018-14644: An issue has been found in PowerDNS Recursor where a remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail. last seen 2020-06-01 modified 2020-06-02 plugin id 119021 published 2018-11-19 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119021 title FreeBSD : powerdns-recursor -- Multiple vulnerabilities (e9aa0e4c-ea8b-11e8-a5b7-00e04c1ea73d) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1566.NASL description This update for pdns fixes the following issues : Security issues fixed : - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer (bsc#1114157). - CVE-2018-14626: Fixed packet cache pollution via crafted query (bsc#1114169). last seen 2020-06-05 modified 2018-12-18 plugin id 119739 published 2018-12-18 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119739 title openSUSE Security Update : pdns (openSUSE-2018-1566) NASL family Fedora Local Security Checks NASL id FEDORA_2018-85FC964DE8.NASL description - Update to 4.1.5 Release notes: https://blog.powerdns.com/2018/11/06/powerdns-authoritative-server-4-0 -6-4-1-5-and-recursor-4-0-9-4-1-5-released/ PowerDNS Security Advisory 2018-03 (https://doc.powerdns.com/authoritative/security-advisories/powerdns-a dvisory-2018-03.html) (CVE-2018-10851) PowerDNS Security Advisory 2018-05 (https://doc.powerdns.com/authoritative/security-advisories/powerdns-a dvisory-2018-05.html) (CVE-2018-14626) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120583 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120583 title Fedora 29 : pdns (2018-85fc964de8)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14626
- https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html
- https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14626
- https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html
- https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html