CVE-2020-10995

Published: May 19, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue.

Affected (6)

Products: Powerdns: Recursor · Fedoraproject: Fedora · Debian: Debian Linux · +1 more

Show all products

Powerdns: Recursor · Fedoraproject: Fedora · Debian: Debian Linux · Opensuse: Backports Sle, Leap

1 product

1 product

1 product

2 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Powerdns Recursor	From 4.1.0 to 4.3.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 31
Fedoraproject Fedora	Version 32

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Backports Sle	Version 15.0 sp1
Opensuse Leap	Version 15.1

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (12)

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00052.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.nxnsattack.com

Source: cve@mitre.org

Technical DescriptionThird Party Advisory

https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html

Source: cve@mitre.org

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMP72NJGKBWR5WEBXAWX5KSLQUDFTG6S/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PS4ZN5XGENYNFKX7QIIOUCQQHXE37GJF/

Source: cve@mitre.org

https://www.debian.org/security/2020/dsa-4691

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00052.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.nxnsattack.com

Source: af854a3a-2127-422b-91ae-364da2661108

Technical DescriptionThird Party Advisory

https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMP72NJGKBWR5WEBXAWX5KSLQUDFTG6S/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PS4ZN5XGENYNFKX7QIIOUCQQHXE37GJF/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2020/dsa-4691

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.