CVE-2017-15090

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-15090

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-15090.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-15090

Downstream

DEBIAN-CVE-2017-15090

UBUNTU-CVE-2017-15090

openSUSE-SU-2024:11157-1

Related

openSUSE-SU-2024:11157-1

Published

2018-01-23T15:29:00Z

Modified

2025-09-19T08:54:22.871497Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.

References

Affected packages

Git / github.com/powerdns/pdns

Affected ranges

Type: GIT
Repo: https://github.com/powerdns/pdns
Events: Introduced

ba64cecd417688dc39c75e92f1a23b91f7f46d64

Last affected

f8023470fdd6c5af6f163857757a90f5955a860e

Affected versions

auth-4.*

auth-4.0.0

auth-4.0.1

dnsdist-1.*

dnsdist-1.1.0-beta1

rec-4.*

rec-4.0.0

rec-4.0.1

rec-4.0.2

rec-4.0.3

rec-4.0.4

rec-4.0.5

rec-4.0.5-rc1

rec-4.0.5-rc2

rec-4.0.6