CVE-2020-25829
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Summary
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installations that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).
References
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00036.html
- https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html
- https://security.gentoo.org/glsa/202012-19