CVE-2018-14644 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Denial of service |
Description | An issue has been found in PowerDNS Recursor before 4.1.5 where a remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-805 | powerdns-recursor | 4.1.4-3 | 4.1.5-1 | Medium | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
12 Nov 2018 | ASA-201811-13 | AVG-805 | powerdns-recursor | Medium | denial of service |
References |
---|
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html |