CVE-2016-7074

Опубликовано: 11 сент. 2018

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 4.3

CVSS3: 5.3

Описание

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature.

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	4.0.2-1
cosmic	not-affected	4.0.2-1
devel	not-affected	4.0.2-1
disco	not-affected	4.0.2-1
eoan	not-affected	4.0.2-1
esm-apps/bionic	not-affected	4.0.2-1
esm-apps/focal	not-affected	4.0.2-1
esm-apps/jammy	not-affected	4.0.2-1
esm-apps/noble	not-affected	4.0.2-1

Показывать по

Релиз	Статус	Примечание
artful	not-affected	4.0.4-1
bionic	not-affected	4.0.4-1
cosmic	not-affected	4.0.4-1
devel	not-affected	4.0.4-1
disco	not-affected	4.0.4-1
eoan	not-affected	4.0.4-1
esm-apps/bionic	not-affected	4.0.4-1
esm-apps/focal	not-affected	4.0.4-1
esm-apps/jammy	not-affected	4.0.4-1
esm-apps/noble	not-affected	4.0.4-1

Показывать по

Ссылки на источники

EPSS

Процентиль: 0%

0.00004

Низкий

4.3 Medium

CVSS2

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2016-7074

CVSS3: 5.3

nvd

больше 7 лет назад

CVE-2016-7074

CVSS3: 5.3

debian

больше 7 лет назад

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and Power ...

GHSA-pwxm-qc32-g74q

CVSS3: 5.9

github

больше 3 лет назад

openSUSE-SU-2017:0183-1

suse-cvrf

около 9 лет назад

Security update for pdns

EPSS

Процентиль: 0%

0.00004

Низкий

4.3 Medium

CVSS2

5.3 Medium

CVSS3

CVE-2016-7074

Описание

Пакет pdns

Пакет pdns-recursor

Ссылки на источники

Связанные уязвимости