CVE-2012-1193 — Recursor vulnerability

7 documents5 sources

Severity

6.4MEDIUMNVD

EPSS

0.0%

top 94.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Powerdns Recursor

Timeline

PublishedFeb 17

Latest updateMay 17

Description

The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

▶NVDpowerdns/powerdns_recursor3.3

🔴Vulnerability Details

GHSA

GHSA-fhvj-8gvm-8r55: The resolver in PowerDNS Recursor (aka pdns_recursor) 3↗2022-05-17

▶

OSV

CVE-2012-1193: The resolver in PowerDNS Recursor (aka pdns_recursor) 3↗2012-02-17

▶

CVEList

CVE-2012-1193: The resolver in PowerDNS Recursor (aka pdns_recursor) 3↗2012-02-17

▶

💬Community

Bugzilla

CVE-2012-1193 pdns-recursor: Deleted / ghost domain names resolving flaw [epel-all]↗2012-02-18

▶

Bugzilla

CVE-2012-1193 pdns-recursor: Deleted / ghost domain names resolving flaw↗2012-02-18

▶

Bugzilla

CVE-2012-1193 pdns-recursor: Deleted / ghost domain names resolving flaw [fedora-all]↗2012-02-18

▶