UBUNTU-CVE-2017-15090

Advisory lineage Upstream: 1 Downstream: 0
Upstream
CVE-2017-15090
Published: 23 Jan 2018, 15:29
Last modified:08 Sept 2025, 16:44

Vulnerability Summary

Overall Risk (default)
low
24/100
CVSS Score
5.9 MEDIUM
3.0 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

23 Jan 2018, 15:29
Published
Vulnerability first disclosed
08 Sept 2025, 16:44
Last Modified
Vulnerability information updated

Description

An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.

CVSS Metrics

  • v3.0MEDIUMScore: 5.9CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Systems

  • ubuntupdns-recursor

    all

References (4)