CVE Vulnerabilities

CVE-2019-3807

Improper Certificate Validation

Published: Jan 29, 2019 | Modified: Oct 09, 2019
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name Vendor Start Version End Version
Recursor Powerdns 4.1.0 (including) 4.1.8 (including)
Pdns-recursor Ubuntu bionic *
Pdns-recursor Ubuntu cosmic *
Pdns-recursor Ubuntu trusty *
Pdns-recursor Ubuntu upstream *
Pdns-recursor Ubuntu xenial *

Potential Mitigations

References