Home > Vulnerability Database > CVE-2017-15090

Mend.io Vulnerability Database

CVE-2017-15090

Good to know:

Date: November 26, 2017

An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.

Language: C

Severity Score

5.9

Related Resources (6)

Url: https://security-tracker.debian.org/tracker/CVE-2017-15090

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15090

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-15090

Url: http://www.securityfocus.com/bid/101982

Url: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html

Url: https://www.mend.io/vulnerability-database/CVE-2017-15090

Severity Score

5.9

Weakness Type (CWE)

Improper Verification of Cryptographic Signature

CWE-347

Top Fix

Upgrade Version

Upgrade to version 4.0.7

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-15090

Good to know:

Date: November 26, 2017

Language: C

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?