CVE-2016-7073 -- pdns, pdns-recursorID: oval:org.secpod.oval:def:1901267 | Date: (C)2019-03-04 (M)2023-12-20 |
Class: VULNERABILITY | Family: unix |
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack.
Platform: |
Ubuntu 16.04 |
Ubuntu 14.04 |
Product: |
pdns-server |
pdns-recursor |