CVE-2017-15090 log

Source
Severity Medium
Remote Yes
Type Insufficient validation
Description
An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 up to and including 4.0.5, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.
Group Package Affected Fixed Severity Status Ticket
AVG-520 powerdns-recursor 4.0.6-3 4.0.7-1 Medium Fixed
Date Advisory Group Package Severity Type
27 Nov 2017 ASA-201711-31 AVG-520 powerdns-recursor Medium multiple issues
References
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html
https://github.com/PowerDNS/pdns/commit/9aed598c9a0a8f9b3a2a9c2310023d56c4a26ef8