Vulnerability Name:

CVE-2020-10030 (CCN-182160)

Assigned:2020-05-19
Published:2020-05-19
Updated:2020-06-14
Summary:An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\0' termination.) Under some conditions, this issue can lead to the writing of one '\0' byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution.
CVSS v3 Severity:8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)
6.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-125
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2020-10030

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:0698

Source: CONFIRM
Type: Vendor Advisory
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-03.html

Source: CCN
Type: PowerDNS Security Advisory 2020-03
PowerDNS Security Advisory 2020-03: Information disclosure

Source: XF
Type: UNKNOWN
powerdns-cve202010030-info-disc(182160)

Source: FEDORA
Type: UNKNOWN
FEDORA-2020-c0ff3df740

Source: FEDORA
Type: UNKNOWN
FEDORA-2020-d9abb0c06d

Source: CCN
Type: oss-sec Mailing List, Tue, 19 May 2020 11:00:44 +0200
PowerDNS Recursor 4.3.1, 4.2.2. and 4.1.16 released fixing multiple vulnerabilities

Vulnerable Configuration:Configuration 1:
  • cpe:/a:powerdns:recursor:*:*:*:*:*:*:*:* (Version >= 4.1.0 and <= 4.3.0)

    • Configuration CCN 1:
  • cpe:/a:powerdns:recursor:4.1.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:202010030
    V
    		CVE-2020-10030
    2022-06-30
    oval:org.opensuse.security:def:93609
    P
    		 (Important)
    2022-05-17
    oval:org.opensuse.security:def:113104
    P
    		pdns-recursor-4.5.5-1.3 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:64641
    P
    		Security update for p11-kit (Important)
    2021-12-22
    oval:org.opensuse.security:def:74753
    P
    		Security update for python3 (Moderate)
    2021-12-16
    oval:org.opensuse.security:def:64811
    P
    		Security update for wireshark (Moderate)
    2021-12-06
    oval:org.opensuse.security:def:106539
    P
    		pdns-recursor-4.5.5-1.3 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:100322
    P
    		 (Important)
    2021-08-24
    oval:org.opensuse.security:def:63094
    P
    		libicu60_2-60.2-3.9.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:64539
    P
    		Security update for arpwatch (Important)
    2021-06-28
    oval:org.opensuse.security:def:64699
    P
    		Security update for lz4 (Important)
    2021-06-01
    oval:org.opensuse.security:def:62891
    P
    		build-20190128-3.3.2 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62884
    P
    		ant-1.9.10-3.3.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63590
    P
    		libpskc-devel-2.6.2-1.15 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62916
    P
    		perl-Config-IniFiles-2.94-1.23 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63387
    P
    		apache-commons-beanutils-1.9.2-2.46 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62888
    P
    		blktrace-1.1.0+git.20170126-3.3.28 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:25693
    P
    		Security update for LibreOffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63737
    P
    		Security update for libxslt (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25075
    P
    		Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:74886
    P
    		Security update for pdns-recursor (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25781
    P
    		Security update for libqt4 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64295
    P
    		libQt5Concurrent-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25267
    P
    		Security update for exiv2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25839
    P
    		Security update for gimp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64432
    P
    		perl-Archive-Zip on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25405
    P
    		Security update for spice-gtk (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26512
    P
    		Security update for pdns-recursor (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25640
    P
    		Security update for libqt5-qtsvg (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25064
    P
    		Security update for qemu (Important)
    2020-12-01
    oval:org.opensuse.security:def:63966
    P
    		Security update for tigervnc (Important)
    2020-12-01
    oval:org.opensuse.security:def:25139
    P
    		Security update for sqlite3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25063
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25795
    P
    		Security update for kernel-source (Important)
    2020-12-01
    oval:org.opensuse.security:def:64431
    P
    		perl on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25348
    P
    		Security update for ucode-intel (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26477
    P
    		Security update for phpMyAdmin (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25489
    P
    		Security update for pam_radius (Important)
    2020-12-01
    oval:org.opensuse.security:def:110548
    P
    		Security update for pdns-recursor (Moderate)
    2020-05-23
    BACK
    powerdns recursor *
    powerdns recursor 4.1.0