ASA-2018-00036 – PowerDNS: Packet cache pollution via crafted query


Allele Security Alert

ASA-2018-00036

Identifier(s)

ASA-2018-00036, CVE-2018-14626

Title

Packet cache pollution via crafted query

Vendor(s)

PowerDNS

Product(s)

PowerDNS Authoritative

PowerDNS Recursor

Affected version(s)

PowerDNS Authoritative from 4.1.0 up to and including 4.1.4

PowerDNS Recursor from 4.0.0 up to and including 4.1.4

Fixed version(s)

PowerDNS Authoritative 4.1.5, 4.0.x

PowerDNS Recursor 4.1.5, 4.0.9

Proof of concept

Unknown

Description

An issue has been found in PowerDNS Authoritative Server allowing a remote user to craft a DNS query that will cause an answer without DNSSEC records to be inserted into the packet cache and be returned to clients asking for DNSSEC records, thus hiding the presence of DNSSEC signatures for a specific qname and qtype. For a DNSSEC-signed domain, this means that DNSSEC validating clients will consider the answer to be bogus until it expires from the packet cache, leading to a denial of service.

An issue has been found in PowerDNS Recursor allowing a remote user to craft a DNS query that will cause an answer without DNSSEC records to be inserted into the packet cache and be returned to clients asking for DNSSEC records, thus hiding the presence of DNSSEC signatures for a specific qname and qtype. For a DNSSEC-signed domain, this means that clients performing DNSSEC validation by themselves might consider the answer to be bogus until it expires from the packet cache, leading to a denial of service.
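A monitoring check for the symptom described above, as an added example that is not part of the original alert or PowerDNS code: it parses a DNS response received for a query sent with the DO bit set and flags a positive answer that carries no RRSIG. The function names and sample messages are constructed for illustration. It assumes the monitored name is known to be DNSSEC-signed, and it does not judge empty answers (NODATA/NXDOMAIN), whose signatures sit in the authority section.

```python
import struct

RRSIG = 46  # RR type code for RRSIG (RFC 4034)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1
        if n == 0:             # root label terminates the name
            return off
        off += n

def answer_types(msg):
    """Return the RR types found in the answer section of a DNS message."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    types = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        types.append(rtype)
        off += 10 + rdlen                      # fixed RR fields + RDATA
    return types

def dnssec_stripped(response):
    """True if a positive answer to a DO=1 query carries no RRSIG."""
    types = answer_types(response)
    return bool(types) and RRSIG not in types

# --- constructed sample messages (not captured traffic) ---
def encode_name(name):
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\0"

def make_rr(name, rtype, rdata, ttl=300):
    return encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def build_response(qname, rrs):
    header = struct.pack("!6H", 0x1234, 0x8400, 1, len(rrs), 0, 0)  # QR=1, AA=1
    return header + encode_name(qname) + struct.pack("!HH", 1, 1) + b"".join(rrs)

A_RR = make_rr("example.com", 1, bytes([192, 0, 2, 1]))
SIG_RR = make_rr("example.com", RRSIG, b"\x00" * 24)  # placeholder RDATA, not a real signature
SIGNED = build_response("example.com", [A_RR, SIG_RR])
STRIPPED = build_response("example.com", [A_RR])
```

Run against a known-signed name at an interval shorter than the packet cache TTL, a `True` result from `dnssec_stripped` on a server in the affected version range is a signal to flush the packet cache and upgrade to a fixed version.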

Reference(s)

PowerDNS Security Advisories 2018-03, 2018-04, 2018-05, 2018-06 and 2018-07
https://seclists.org/oss-sec/2018/q4/137

PowerDNS Security Advisory 2018-05: Packet cache pollution via crafted query
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html

PowerDNS Security Advisory 2018-06: Packet cache pollution via crafted query
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html

CVE-2018-14626-auth-4.1.4.patch
https://downloads.powerdns.com/patches/2018-05/CVE-2018-14626-auth-4.1.4.patch

CVE-2018-14626-rec-4.0.8.patch
https://downloads.powerdns.com/patches/2018-06/CVE-2018-14626-rec-4.0.8.patch

CVE-2018-14626-rec-4.1.4.patch
https://downloads.powerdns.com/patches/2018-06/CVE-2018-14626-rec-4.1.4.patch

CVE-2018-14626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14626

CVE-2018-14626
https://nvd.nist.gov/vuln/detail/CVE-2018-14626


Last modified: November 8, 2018
