Test ID:	1.3.6.1.4.1.25623.1.0.151736
Category:	Denial of Service
Title:	PowerDNS Recursor Multiple DoS Vulnerabilities (2024-01, KeyTrap)
Summary:	PowerDNS Recursor is prone to multiple denial of service (DoS); vulnerabilities.
Description:	Summary: PowerDNS Recursor is prone to multiple denial of service (DoS) vulnerabilities. Vulnerability Insight: An attacker can publish a zone that contains crafted DNSSEC related records. While validating results from queries to that zone using the RFC mandated algorithms, the Recursor's resource usage can become so high that processing of other queries is impacted, resulting in a denial of service. Affected Software/OS: PowerDNS Recursor version 4.8.5 and prior, 4.9.x through 4.9.2 and 5.0.x through 5.0.1. Solution: Update to version 4.8.6, 4.9.3, 5.0.2 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-50387 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/ https://access.redhat.com/security/cve/CVE-2023-50387 https://bugzilla.suse.com/show_bug.cgi?id=1219823 https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1 https://kb.isc.org/docs/cve-2023-50387 https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387 https://news.ycombinator.com/item?id=39367411 https://news.ycombinator.com/item?id=39372384 https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ https://www.athene-center.de/aktuelles/key-trap https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf https://www.isc.org/blogs/2024-bind-security-release/ https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/ https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/ https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html http://www.openwall.com/lists/oss-security/2024/02/16/2 http://www.openwall.com/lists/oss-security/2024/02/16/3 Common Vulnerability Exposure (CVE) ID: CVE-2023-50868 https://access.redhat.com/security/cve/CVE-2023-50868 https://bugzilla.suse.com/show_bug.cgi?id=1219826 https://datatracker.ietf.org/doc/html/rfc5155 https://kb.isc.org/docs/cve-2023-50868
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.