Attachment #214752 for bug #246655

View | Details | Raw Unified | Return to bug 246655 | Differences between
Collapse All | Expand All




  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="f9c5a410-9b4e-11ea-ac3f-6805ca2fa271">
    <topic>powerdns-recursor -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>powerdns-recursor</name>
	<range><lt>4.3.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>PowerDNS Team reports:</p>
	<blockquote cite="https://doc.powerdns.com/recursor/changelog/4.3.html#change-4.3.1">
	  <p>CVE-2020-10995: An issue in the DNS protocol has been found that allow malicious parties to use
	   recursive DNS services to attack third party authoritative name servers. The attack uses a crafted
	   reply by an authoritative name server to amplify the resulting traffic between the recursive and
	   other authoritative name servers. Both types of service can suffer degraded performance as an effect.</p>
	  <p>CVE-2020-12244: An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in
	   the answer section of a NXDOMAIN response lacking an SOA were not properly validated in
	   SyncRes::processAnswer. This would allow an attacker in position of man-in-the-middle to send a
	   NXDOMAIN answer for a name that does exist, bypassing DNSSEC validation.</p>
	  <p>CVE-2020-10030: An issue has been found in PowerDNS Authoritative Server allowing an attacker
	   with enough privileges to change the system's hostname to cause disclosure of uninitialized memory
	   content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does
	   not null-terminate the returned string if the hostname is larger than the supplied buffer. Linux
	   systems are not affected because the buffer is always large enough. OpenBSD systems are not affected
	   because the returned hostname is always null-terminated. Under some conditions this issue can lead
	   to the writing of one null-byte out-of-bounds on the stack, causing a denial of service or possibly
	   arbitrary code execution.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://doc.powerdns.com/recursor/security-advisories/index.html</url>
      <cvename>CVE-2020-10995</cvename>
      <cvename>CVE-2020-12244</cvename>
      <cvename>CVE-2020-10030</cvename>
    </references>
    <dates>
      <discovery>2020-05-19</discovery>
      <entry>2020-05-21</entry>
    </dates>
  </vuln>

  <vuln vid="4d11d37e-9a8d-11ea-b9b8-641c67a117d8">
    <topic>Zabbix -- Remote code execution</topic>
    <affects>

Return to bug 246655

Lines 58-63 Link Here

(-)vuln.xml (+43 lines)
58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)	58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
59	-->	59	-->
60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		61	<vuln vid="f9c5a410-9b4e-11ea-ac3f-6805ca2fa271">
		62	<topic>powerdns-recursor -- multiple vulnerabilities</topic>
		63	<affects>
		64	<package>
		65	<name>powerdns-recursor</name>
		66	<range><lt>4.3.1</lt></range>
		67	</package>
		68	</affects>
		69	<description>
		70	<body xmlns="http://www.w3.org/1999/xhtml">
		71	<p>PowerDNS Team reports:</p>
		72	<blockquote cite="https://doc.powerdns.com/recursor/changelog/4.3.html#change-4.3.1">
		73	<p>CVE-2020-10995: An issue in the DNS protocol has been found that allow malicious parties to use
		74	recursive DNS services to attack third party authoritative name servers. The attack uses a crafted
		75	reply by an authoritative name server to amplify the resulting traffic between the recursive and
		76	other authoritative name servers. Both types of service can suffer degraded performance as an effect.</p>
		77	<p>CVE-2020-12244: An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in
		78	the answer section of a NXDOMAIN response lacking an SOA were not properly validated in
		79	SyncRes::processAnswer. This would allow an attacker in position of man-in-the-middle to send a
		80	NXDOMAIN answer for a name that does exist, bypassing DNSSEC validation.</p>
		81	<p>CVE-2020-10030: An issue has been found in PowerDNS Authoritative Server allowing an attacker
		82	with enough privileges to change the system's hostname to cause disclosure of uninitialized memory
		83	content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does
		84	not null-terminate the returned string if the hostname is larger than the supplied buffer. Linux
		85	systems are not affected because the buffer is always large enough. OpenBSD systems are not affected
		86	because the returned hostname is always null-terminated. Under some conditions this issue can lead
		87	to the writing of one null-byte out-of-bounds on the stack, causing a denial of service or possibly
		88	arbitrary code execution.</p>
		89	</blockquote>
		90	</body>
		91	</description>
		92	<references>
		93	<url>https://doc.powerdns.com/recursor/security-advisories/index.html</url>
		94	<cvename>CVE-2020-10995</cvename>
		95	<cvename>CVE-2020-12244</cvename>
		96	<cvename>CVE-2020-10030</cvename>
		97	</references>
		98	<dates>
		99	<discovery>2020-05-19</discovery>
		100	<entry>2020-05-21</entry>
		101	</dates>
		102	</vuln>
		103
61	<vuln vid="4d11d37e-9a8d-11ea-b9b8-641c67a117d8">	104	<vuln vid="4d11d37e-9a8d-11ea-b9b8-641c67a117d8">
62	<topic>Zabbix -- Remote code execution</topic>	105	<topic>Zabbix -- Remote code execution</topic>
63	<affects>	106	<affects>