NVD Vulnerability Detail

CVE-2020-10995

Summary	PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue.
Publication Date	May 20, 2020, 2:15 a.m.
Registration Date	Jan. 26, 2021, 11:50 a.m.
Last Update	Nov. 21, 2024, 1:56 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:powerdns:recursor::::::::		4.1.0	4.3.0

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:opensuse:leap:15.1:::::::*
cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00052.html	Mailing List Third Party Advisory
2	http://www.nxnsattack.com	Technical Description Third Party Advisory
3	https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html	Vendor Advisory
4	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMP72NJGKBWR5WEBXAWX5KSLQUDFTG6S/
5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PS4ZN5XGENYNFKX7QIIOUCQQHXE37GJF/
6	https://www.debian.org/security/2020/dsa-4691	Third Party Advisory
7	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00052.html	Mailing List Third Party Advisory
8	https://www.debian.org/security/2020/dsa-4691	Third Party Advisory
9	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PS4ZN5XGENYNFKX7QIIOUCQQHXE37GJF/
10	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMP72NJGKBWR5WEBXAWX5KSLQUDFTG6S/
11	https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html	Vendor Advisory
12	http://www.nxnsattack.com	Technical Description Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-400	リソースの枯渇	https://cwe.mitre.org/data/definitions/400.html

JVN Vulnerability Information

PowerDNS Recursor における再帰制御に関する脆弱性

Title	PowerDNS Recursor における再帰制御に関する脆弱性
Summary	PowerDNS Recursor には、再帰制御に関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 19, 2020, midnight
Registration Date	June 19, 2020, 11:31 a.m.
Last Update	June 19, 2020, 11:31 a.m.

Affected System

PowerDNS

PowerDNS Recursor 4.1.0 から 4.3.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-10995	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995
National Vulnerability Database (NVD)
2	CVE-2020-10995	https://nvd.nist.gov/vuln/detail/CVE-2020-10995

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-674	https://cwe.mitre.org/data/definitions/674.html

ベンダー情報

No	Name	URL
Security Advisory
1	PowerDNS Security Advisory 2020-01: Denial of Service	https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html

Change Log

No	Changed Details	Date of change
1	[2020年06月19日] 掲載	June 19, 2020, 11:31 a.m.