Oval Definition:	oval:org.opensuse.security:def:201715093
Revision Date: 2022-06-30 Version: 1 Title: CVE-2017-15093 Description: When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration. Family: unix Class: vulnerability Status: Reference(s): CVE-2017-15093 Mitre CVE-2017-15093 SUSE CVE-2017-15093 openSUSE-SU-2017:3218-1 Platform(s): openSUSE Leap 42.2 openSUSE Leap 42.3 openSUSE Tumbleweed Product(s): Definition Synopsis openSUSE Leap 42.2 is installed AND Package Information pdns-recursor-3.7.3-9.3.1 is installed AND pdns-recursor is signed with openSUSE key Definition Synopsis openSUSE Leap 42.3 is installed AND Package Information pdns-recursor-4.0.5-3 is installed AND pdns-recursor is signed with openSUSE key Definition Synopsis openSUSE Tumbleweed is installed AND pdns-recursor-4.5.5-1.3 is installed
BACK