vulnerability

Ubuntu: (CVE-2016-7073): pdns vulnerability

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Sep 11, 2018

Added

Jun 26, 2025

Modified

Jul 28, 2025

Description

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack.

Solution

no-fix-ubuntu-package

References

CVE-2016-7073
https://attackerkb.com/topics/CVE-2016-7073
https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/
https://www.cve.org/CVERecord?id=CVE-2016-7073

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report