[3.10] pdns: Insufficient validation in the HTTP remote backend (CVE-2019-3871)
An issue has been found in PowerDNS Authoritative Server when the HTTP
remote backend is used in RESTful mode (without post=1 set), allowing a
remote user to cause the
HTTP backend to connect to an attacker-specified host instead of the
configured one, via a crafted DNS query. This can be used to cause a
denial of service by preventing the
remote backend from getting a response, content spoofing if the attacker
can time its own query so that subsequent queries will use an
attacker-controlled HTTP server instead
of the configured one, and possibly information disclosure if the
Authoritative Server has access to internal servers.
Affects: PowerDNS Authoritative up to and including 4.1.6
Not affected: 4.1.7, 4.0.7
References:
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html
https://www.openwall.com/lists/oss-security/2019/03/18/4
(from redmine: issue id 10134, created on 2019-03-19, closed on 2019-03-21)
- Relations:
- parent #10133 (closed)