Vulnerability & Exploit Database

Back to search

Alpine Linux: CVE-2017-15093: pdns-recursor Multiple vulnerabilities

Severity CVSS Published Added Modified
4 (AV:N/AC:M/Au:S/C:N/I:P/A:N) December 07, 2017 December 18, 2017 February 20, 2018


When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now




Related Vulnerabilities