UBUNTU-CVE-2017-15091

Source
https://ubuntu.com/security/notices/UBUNTU-CVE-2017-15091
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-15091.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-15091
Published
2018-01-23T15:29:00Z
Modified
2018-01-23T15:29:00Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Summary
[none]
Details

An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY.


Affected packages

Ubuntu:Pro:16.04:LTS / pdns

Package

Name
pdns

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*

3.4.5-1build2
3.4.6-2
3.4.6-3
3.4.7-1
3.4.7-2

4.*

4.0.0~alpha1-1
4.0.0~alpha2-2
4.0.0~alpha2-3
4.0.0~alpha2-3build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / pdns

Package

Name
pdns
Purl
pkg:deb/ubuntu/pdns@4.1.1-1?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.1.1-1

Affected versions

4.*

4.0.4-2
4.0.4-2build1
4.0.5-1
4.1.0-1
4.1.0-2
4.1.0-2build1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "pdns-backend-geoip": "4.1.1-1",
            "pdns-backend-pgsql": "4.1.1-1",
            "pdns-backend-pipe": "4.1.1-1",
            "pdns-backend-sqlite3-dbgsym": "4.1.1-1",
            "pdns-backend-opendbx-dbgsym": "4.1.1-1",
            "pdns-server": "4.1.1-1",
            "pdns-backend-odbc": "4.1.1-1",
            "pdns-backend-lua-dbgsym": "4.1.1-1",
            "pdns-server-dbgsym": "4.1.1-1",
            "pdns-backend-mysql-dbgsym": "4.1.1-1",
            "pdns-backend-opendbx": "4.1.1-1",
            "pdns-backend-sqlite3": "4.1.1-1",
            "pdns-backend-pipe-dbgsym": "4.1.1-1",
            "pdns-backend-pgsql-dbgsym": "4.1.1-1",
            "pdns-backend-remote": "4.1.1-1",
            "pdns-backend-tinydns-dbgsym": "4.1.1-1",
            "pdns-backend-ldap": "4.1.1-1",
            "pdns-backend-odbc-dbgsym": "4.1.1-1",
            "pdns-backend-bind-dbgsym": "4.1.1-1",
            "pdns-tools-dbgsym": "4.1.1-1",
            "pdns-backend-lua": "4.1.1-1",
            "pdns-backend-tinydns": "4.1.1-1",
            "pdns-backend-geoip-dbgsym": "4.1.1-1",
            "pdns-backend-mydns-dbgsym": "4.1.1-1",
            "pdns-backend-remote-dbgsym": "4.1.1-1",
            "pdns-backend-ldap-dbgsym": "4.1.1-1",
            "pdns-backend-mysql": "4.1.1-1",
            "pdns-backend-mydns": "4.1.1-1",
            "pdns-tools": "4.1.1-1",
            "pdns-backend-bind": "4.1.1-1"
        }
    ]
}