PowerDNS Recursor: Denial of service — GLSA 202012-19

A vulnerability in PowerDNS Recursor could lead to a Denial of Service condition.

Affected packages

net-dns/pdns-recursor on all architectures
Affected versions < 4.3.5
Unaffected versions >= 4.3.5

Background

PowerDNS Recursor is a high-end, high-performance resolving name server.

Description

It was discovered that a DNS ANY query could be used to update the DNSSEC validation state of a cached record to a bogus state.

Impact

A remote attacker could send specially crafted DNS queries to deny DNSSEC validation.

Workaround

There is no known workaround at this time.

Resolution

All PowerDNS Recursor users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-dns/pdns-recursor-4.3.5"

Release date
December 23, 2020

Latest revision
December 23, 2020: 1

Severity
low

Exploitable
remote
