CVE-2012-1193 : The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records du

The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.

Published 2012-02-17 22:55:01

Updated 2013-12-13 04:57:33

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-1193

Probability of exploitation activity in the next 30 days: 0.63%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 78 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-1193

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:P	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

References for CVE-2012-1193

https://www.isc.org/files/imce/ghostdomain_camera.pdf

Internet Systems Consortium
Exploit

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102729.html

[SECURITY] Fedora 19 Update: pdns-recursor-3.5-1.fc19
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104173.html

[SECURITY] Fedora 17 Update: pdns-recursor-3.5-2.fc17
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104177.html

[SECURITY] Fedora 18 Update: pdns-recursor-3.5-2.fc18

Products affected by CVE-2012-1193

Powerdns » Powerdns Recursor » Version: 3.3
cpe:2.3:a:powerdns:powerdns_recursor:3.3:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-1193

Exploit prediction scoring system (EPSS) score for CVE-2012-1193

CVSS scores for CVE-2012-1193

References for CVE-2012-1193

Products affected by CVE-2012-1193