#VU47532 Input validation error in PowerDNS Recursor - CVE-2020-25829

Cybersecurity Help s.r.o.

Published: 2020-10-13

Vulnerability identifier: #VU47532

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-25829

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PowerDNS Recursor
Server applications / DNS servers

Vendor: PowerDNS.COM B.V.

Description

The vulnerability allows a remote attacker to perform cache poisoning attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause the cached records for a given name to be updated to the ‘Bogus’ DNSSEC validation state, instead of their actual DNSSEC ‘Secure’ state, via a DNS ANY query. This results in a denial of service for installations that always validate (dnssec=validate) and for clients requesting validation when on-demand validation is enabled (dnssec=process).

Mitigation
Install updates from vendor's website.

Vulnerable software versions

PowerDNS Recursor: 4.0.0 rc1 - 4.0.9, 4.1.0 rc1 - 4.1.17, 4.2.0 alpha1 - 4.2.4, 4.3.0 rc1 - 4.3.4, 4.4.0 alpha1

External links
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for PowerDNS Recursor

Arch Linux update for powerdns-recursor

OpenSUSE Linux update for pdns-recursor

Input validation error in pdns-recursor (Alpine package)

Cache poisoning in PowerDNS Recursor