An issue has been found in PowerDNS Authoritative Server and PowerDNS Recursor allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature.
|19 Jan 2017||ASA-201701-30||AVG-148||powerdns-recursor||Medium||multiple issues|
|19 Jan 2017||ASA-201701-29||AVG-147||powerdns||Medium||multiple issues|
PowerDNS Authoritative Server up to and including 3.4.10 and 4.0.1 are affected. PowerDNS Recursor from 4.0.0 up to and including 4.0.3 are affected.