VDB
CVE-2017-15090
CVE-2017-15090
PUBLISHED
An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.
EPSS 0.00% · 0.0th percentile
Risk Scores
EPSS Score
0.00%
0.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | pdns-recursor | 0, 3.7.3-1, 4.0.0~alpha1-1 |
Timeline
- Jan 23, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- May 13, 2022 CVE Updated
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-15090 third-party-advisory
- https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html third-party-advisory
- https://downloads.powerdns.com/patches/2017-03/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-15090 third-party-advisory