CVE-2016-7074 -- pdns, pdns-recursorID: oval:org.secpod.oval:def:1901554 | Date: (C)2019-03-05 (M)2023-12-20 |
Class: VULNERABILITY | Family: unix |
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature.
Platform: |
Ubuntu 16.04 |
Ubuntu 14.04 |
Product: |
pdns-server |
pdns-recursor |