Vulnerability Details : CVE-2012-1193
The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
Products affected by CVE-2012-1193
- cpe:2.3:a:powerdns:powerdns_recursor:3.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-1193
0.63%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 78 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-1193
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P |
10.0
|
4.9
|
NIST |
References for CVE-2012-1193
-
https://www.isc.org/files/imce/ghostdomain_camera.pdf
Internet Systems ConsortiumExploit
-
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102729.html
[SECURITY] Fedora 19 Update: pdns-recursor-3.5-1.fc19
-
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104173.html
[SECURITY] Fedora 17 Update: pdns-recursor-3.5-2.fc17
-
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104177.html
[SECURITY] Fedora 18 Update: pdns-recursor-3.5-2.fc18
Jump to