Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.
CVSS Information
N/A
Vulnerability Type
密码学签名的验证不恰当
Vulnerability Title
PowerDNS Recursor DNSSEC验证组件安全漏洞
Vulnerability Description
PowerDNS Recursor是荷兰PowerDNS公司的一个跨平台的开源DNS服务组件,它支持在Windows系统中使用Access的mdb文件记录DNS信息,在Linux/Unix系统中使用MySQL来记录DNS信息。DNSSEC validators components是其中的一个DNS安全扩展验证组件。 PowerDNS Recursor 4.0.0版本至4.0.6版本中的DNSSEC验证组件存在安全漏洞。攻击者可通过对特制的记录发布有效签名利用该漏洞实施中间人攻击,更改记录内容。
CVSS Information
N/A
Vulnerability Type
N/A