Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-15093

Опубликовано: 23 янв. 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 3.5
CVSS3: 5.3

Описание

When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.

РелизСтатусПримечание
artful

ignored

end of life
bionic

not-affected

4.1.1-2
cosmic

not-affected

4.1.1-2
devel

not-affected

4.1.1-2
disco

not-affected

4.1.1-2
eoan

not-affected

4.1.1-2
esm-apps/bionic

not-affected

4.1.1-2
esm-apps/focal

not-affected

4.1.1-2
esm-apps/jammy

not-affected

4.1.1-2
esm-apps/noble

not-affected

4.1.1-2

Показывать по

Ссылки на источники

EPSS

Процентиль: 0%
0.00005
Низкий

3.5 Low

CVSS2

5.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2017-15093

CVSS3: 5.3
nvd
около 8 лет назад

When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.

debian логотип

CVE-2017-15093

CVSS3: 5.3
debian
около 8 лет назад

When api-config-dir is set to a non-empty value, which is not the case ...

github логотип

GHSA-jc23-xg6p-84pp

CVSS3: 5.3
github
больше 3 лет назад

When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.

suse-cvrf логотип

openSUSE-SU-2017:3218-1

suse-cvrf
около 8 лет назад

Security update for pdns-recursor

EPSS

Процентиль: 0%
0.00005
Низкий

3.5 Low

CVSS2

5.3 Medium

CVSS3