Vulnerability CVE-2020-10995

Vulnerability Name:

CVE-2020-10995 (CCN-182161)

Assigned:

2020-05-19

Published:

2020-05-19

Updated:

2022-04-26

Summary:

PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-400

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-10995

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:0698

Source: MISC
Type: Technical Description, Third Party Advisory
http://www.nxnsattack.com

Source: CONFIRM
Type: Vendor Advisory
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html

Source: CCN
Type: PowerDNS Security Advisory 2020-01
PowerDNS Security Advisory 2020-01: Denial of Service

Source: XF
Type: UNKNOWN
powerdns-cve202010995-dos(182161)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-c0ff3df740

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-d9abb0c06d

Source: CCN
Type: oss-sec Mailing List, Tue, 19 May 2020 11:00:44 +0200
PowerDNS Recursor 4.3.1, 4.2.2. and 4.1.16 released fixing multiple vulnerabilities

Source: DEBIAN
Type: Third Party Advisory
DSA-4691

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-10995

Vulnerable Configuration:

Configuration 1:

cpe:/a:powerdns:recursor:*:*:*:*:*:*:*:* (Version >= 4.1.0 and <= 4.3.0)

Configuration 2:

cpe:/o:fedoraproject:fedora:31:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*

OR cpe:/o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:powerdns:recursor:4.1.0:*:*:*:*:*:*:*

OR cpe:/a:powerdns:recursor:4.3.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:202010995	V	CVE-2020-10995	2022-06-30
oval:org.opensuse.security:def:93609	P	(Important)	2022-05-17
oval:org.opensuse.security:def:113104	P	pdns-recursor-4.5.5-1.3 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:64641	P	Security update for p11-kit (Important)	2021-12-22
oval:org.opensuse.security:def:74753	P	Security update for python3 (Moderate)	2021-12-16
oval:org.opensuse.security:def:64811	P	Security update for wireshark (Moderate)	2021-12-06
oval:org.opensuse.security:def:106539	P	pdns-recursor-4.5.5-1.3 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:100322	P	(Important)	2021-08-24
oval:org.opensuse.security:def:63094	P	libicu60_2-60.2-3.9.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:64539	P	Security update for arpwatch (Important)	2021-06-28
oval:org.opensuse.security:def:64699	P	Security update for lz4 (Important)	2021-06-01
oval:org.opensuse.security:def:62891	P	build-20190128-3.3.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62884	P	ant-1.9.10-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63590	P	libpskc-devel-2.6.2-1.15 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62916	P	perl-Config-IniFiles-2.94-1.23 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63387	P	apache-commons-beanutils-1.9.2-2.46 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62888	P	blktrace-1.1.0+git.20170126-3.3.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25693	P	Security update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:63737	P	Security update for libxslt (Moderate)	2020-12-01
oval:org.opensuse.security:def:25075	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:74886	P	Security update for pdns-recursor (Moderate)	2020-12-01
oval:org.opensuse.security:def:25781	P	Security update for libqt4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:64295	P	libQt5Concurrent-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25267	P	Security update for exiv2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25839	P	Security update for gimp (Moderate)	2020-12-01
oval:org.opensuse.security:def:64432	P	perl-Archive-Zip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25405	P	Security update for spice-gtk (Moderate)	2020-12-01
oval:org.opensuse.security:def:26512	P	Security update for pdns-recursor (Moderate)	2020-12-01
oval:org.opensuse.security:def:25640	P	Security update for libqt5-qtsvg (Moderate)	2020-12-01
oval:org.opensuse.security:def:25064	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:63966	P	Security update for tigervnc (Important)	2020-12-01
oval:org.opensuse.security:def:25139	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25063	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25795	P	Security update for kernel-source (Important)	2020-12-01
oval:org.opensuse.security:def:64431	P	perl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25348	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:26477	P	Security update for phpMyAdmin (Moderate)	2020-12-01
oval:org.opensuse.security:def:25489	P	Security update for pam_radius (Important)	2020-12-01
oval:org.opensuse.security:def:110548	P	Security update for pdns-recursor (Moderate)	2020-05-23

BACK