Oval Definition:oval:org.opensuse.security:def:201715091
Revision Date:2022-06-30Version:1
Title:CVE-2017-15091
Description:

An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2017-15091
Mitre CVE-2017-15091
SUSE CVE-2017-15091
openSUSE-SU-2017:3221-1
Platform(s):openSUSE Leap 42.2
openSUSE Leap 42.3
openSUSE Tumbleweed
Product(s):
Definition Synopsis
  • openSUSE Leap 42.2 is installed
  • AND Package Information
  • pdns-3.4.9-5.3.1 is installed
  • AND pdns is signed with openSUSE key
  • OR
  • pdns-backend-ldap-3.4.9-5.3.1 is installed
  • AND pdns-backend-ldap is signed with openSUSE key
  • OR
  • pdns-backend-lua-3.4.9-5.3.1 is installed
  • AND pdns-backend-lua is signed with openSUSE key
  • OR
  • pdns-backend-mydns-3.4.9-5.3.1 is installed
  • AND pdns-backend-mydns is signed with openSUSE key
  • OR
  • pdns-backend-mysql-3.4.9-5.3.1 is installed
  • AND pdns-backend-mysql is signed with openSUSE key
  • OR
  • pdns-backend-postgresql-3.4.9-5.3.1 is installed
  • AND pdns-backend-postgresql is signed with openSUSE key
  • OR
  • pdns-backend-sqlite3-3.4.9-5.3.1 is installed
  • AND pdns-backend-sqlite3 is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Leap 42.3 is installed
  • AND Package Information
  • pdns-4.0.3-9 is installed
  • AND pdns is signed with openSUSE key
  • OR
  • pdns-backend-geoip-4.0.3-9 is installed
  • AND pdns-backend-geoip is signed with openSUSE key
  • OR
  • pdns-backend-godbc-4.0.3-9 is installed
  • AND pdns-backend-godbc is signed with openSUSE key
  • OR
  • pdns-backend-ldap-4.0.3-9 is installed
  • AND pdns-backend-ldap is signed with openSUSE key
  • OR
  • pdns-backend-lua-4.0.3-9 is installed
  • AND pdns-backend-lua is signed with openSUSE key
  • OR
  • pdns-backend-mydns-4.0.3-9 is installed
  • AND pdns-backend-mydns is signed with openSUSE key
  • OR
  • pdns-backend-mysql-4.0.3-9 is installed
  • AND pdns-backend-mysql is signed with openSUSE key
  • OR
  • pdns-backend-postgresql-4.0.3-9 is installed
  • AND pdns-backend-postgresql is signed with openSUSE key
  • OR
  • pdns-backend-remote-4.0.3-9 is installed
  • AND pdns-backend-remote is signed with openSUSE key
  • OR
  • pdns-backend-sqlite3-4.0.3-9 is installed
  • AND pdns-backend-sqlite3 is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • pdns-4.5.1-1.5 is installed
  • OR pdns-backend-geoip-4.5.1-1.5 is installed
  • OR pdns-backend-godbc-4.5.1-1.5 is installed
  • OR pdns-backend-ldap-4.5.1-1.5 is installed
  • OR pdns-backend-lmdb-4.5.1-1.5 is installed
  • OR pdns-backend-lua-4.5.1-1.5 is installed
  • OR pdns-backend-mysql-4.5.1-1.5 is installed
  • OR pdns-backend-postgresql-4.5.1-1.5 is installed
  • OR pdns-backend-remote-4.5.1-1.5 is installed
  • OR pdns-backend-sqlite3-4.5.1-1.5 is installed
    • BACK