
======================================================================

                               CERT-Renater

                     Information Note No. 2024/VULN229
_____________________________________________________________________

DATE                : 13/05/2024

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running PowerDNS Recursor versions prior
                     to 4.8.8, 4.9.5 and 5.0.4.

=====================================================================
https://blog.powerdns.com/2024/04/24/powerdns-recursor-4-8-8-4-9-5-5-0-4-released
_____________________________________________________________________

PowerDNS Recursor Security Advisory 2024-02
Apr 24, 2024

Today we have released PowerDNS Recursor 4.8.8, 4.9.5 and 5.0.4.

These releases fix PowerDNS Security Advisory 2024-02: if recursive
forwarding is configured, crafted responses can lead to a denial
of service in Recursor.

PowerDNS Security Advisory 2024-02: if recursive forwarding is
configured, crafted responses can lead to a denial of service in
Recursor

     CVE: CVE-2024-25583
     Date: 24th of April 2024.
     Affects: PowerDNS Recursor 4.8.7, 4.9.4 and 5.0.3, earlier
               versions are not affected
     Not affected: PowerDNS Recursor 4.8.8, 4.9.5 and 5.0.4
     Severity: High (only when using recursive forwarding)
     Impact: Denial of service
     Exploit: This problem can be triggered by an attacker publishing
               a crafted zone
     Risk of system compromise: None
     Solution: Upgrade to patched version


A crafted response from an upstream server the recursor has been
configured to forward-recurse to can cause a Denial of Service in
the Recursor. The default configuration of the Recursor does not
use recursive forwarding and is not affected.
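Because exposure depends on both the running version and whether recursive forwarding is configured, an operator will want a quick way to check both. The following script is an added example, not code from PowerDNS or CERT-Renater: it reads the banner printed by `pdns_recursor --version`, parses an old-style key=value recursor.conf, and reports whether the instance is in the affected set listed above and has recursive forwarding enabled. The banner text and the configuration lines are constructed samples; the assumption that recursive forwarding is enabled through the `forward-zones-recurse` or `forward-zones-recurse-file` settings reflects the classic configuration syntax only, and the YAML configuration format of the 5.x series is not handled here.

```python
import re
from typing import Dict, Optional

# Versions the advisory lists as affected, mapped to the fixed release in each branch.
AFFECTED = {"4.8.7": "4.8.8", "4.9.4": "4.9.5", "5.0.3": "5.0.4"}

# Classic recursor.conf settings that turn on recursive forwarding (assumption:
# old-style key=value syntax; the YAML settings file of 5.x is not parsed here).
RECURSE_KEYS = ("forward-zones-recurse", "forward-zones-recurse-file")

# Constructed sample of the `pdns_recursor --version` banner.
BANNER = "PowerDNS Recursor 4.9.4 (C) 2001-2024 PowerDNS.COM BV"

# Constructed sample recursor.conf with recursive forwarding enabled.
CONFIG = """
# constructed sample recursor.conf
local-address=127.0.0.1
forward-zones-recurse=example.internal=192.0.2.53  # forwarded with RD=1
"""


def parse_version(banner: str) -> Optional[str]:
    """Extract the dotted version number from the Recursor version banner."""
    match = re.search(r"PowerDNS Recursor\s+(\d+\.\d+\.\d+)", banner)
    return match.group(1) if match else None


def parse_config(text: str) -> Dict[str, str]:
    """Parse key=value lines, dropping blank lines and '#' comments."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def uses_recursive_forwarding(settings: Dict[str, str]) -> bool:
    """True when any recursive-forwarding setting carries a non-empty value."""
    return any(settings.get(key, "") != "" for key in RECURSE_KEYS)


def assess(banner: str, config_text: str) -> dict:
    """Combine version and configuration into an exposure verdict."""
    version = parse_version(banner)
    settings = parse_config(config_text)
    forwarding = uses_recursive_forwarding(settings)
    affected_version = version in AFFECTED
    return {
        "version": version,
        "affected_version": affected_version,
        "recursive_forwarding": forwarding,
        # Only the combination of an affected build and recursive forwarding is exposed.
        "exposed": affected_version and forwarding,
        "upgrade_to": AFFECTED.get(version),
    }


if __name__ == "__main__":
    for key, value in assess(BANNER, CONFIG).items():
        print(f"{key}: {value}")
```

Feeding the script the real banner and configuration file of a deployment gives a yes/no answer on whether the upgrade is urgent for that host or only routine; a build in the affected set without recursive forwarding is reported as not exposed, which matches the advisory's statement about the default configuration.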

CVSS Score: 7.5, only for configurations using recursive
forwarding, see
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1

The remedy is to update to a patched version.

Please refer to the changelogs (4.8.8, 4.9.5 and 5.0.4) and upgrade
guide for additional details.

Please send us all feedback and issues you might have via the mailing
list, or in case of a bug, via GitHub.

The tarballs (4.8.8, 4.9.5, 5.0.4) (with signature files 4.8.8, 4.9.5,
5.0.4) are available from our download server and packages for
several distributions are available from our repository.

We are grateful to the PowerDNS community for the reporting of bugs,
issues, feature requests, and especially to the submitters of fixes
and implementations of features.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
