Message-ID: <1576969917.26630.1761213430738@appsuite.open-xchange.com>
Date: Thu, 23 Oct 2025 11:57:10 +0200 (CEST)
From: Otto Moerbeek <otto.moerbeek@...erdns.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: PowerDNS Security Advisory 2025-06: Crafted delegations or IP
 fragments can poison cached delegations in Recursor

   We have released PowerDNS Recursor 5.1.8, 5.2.6 and 5.3.1.

   These releases fix PowerDNS Security Advisory 2025-06: Crafted
   delegations or IP fragments can poison cached delegations in Recursor:
     __________________________________________________________________

    PowerDNS Security Advisory 2025-06: Crafted delegations or IP fragments can
    poison cached delegations in Recursor

   CVE: CVE-2025-59023
   Date: 15th October 2025
   Affects: PowerDNS Recursor up to and including 5.1.7, 5.2.5 and 5.3.0
   Not affected: PowerDNS Recursor 5.1.8, 5.2.6 and 5.3.1
   Severity: High
   Impact: Cache pollution
   Exploit: This problem can be triggered by an attacker spoofing crafted
   delegations
   Risk of system compromise: None
   Solution: Upgrade to patched version

   CVSS Score: 8.2, see
   https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L&version=3.1[1]

   CVE: CVE-2025-59024
   Date: 15th October 2025
   Affects: PowerDNS Recursor up to and including 5.1.7, 5.2.5 and 5.3.0
   Not affected: PowerDNS Recursor 5.1.8, 5.2.6 and 5.3.1
   Severity: Medium
   Impact: Cache pollution
   Exploit: This problem can be triggered by an attacker using a UDP IP
   fragmentation attack
   Risk of system compromise: None
   Solution: Upgrade to patched version

   CVSS Score: 6.5, see
   https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L&version=3.1[2]
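   A quick check against the version ranges listed above, as an added example
   that is not part of this advisory or of the PowerDNS project. It maps an
   installed version onto the three release trains named here; the assumption
   that trains older than 5.1 are past end of life and carry no fix, and that
   the version string has the form printed by `rec_control version` or
   `pdns_recursor --version`, are mine and are marked in the code.

```python
"""Classify a PowerDNS Recursor version against Security Advisory 2025-06."""
import re

# Fixed releases named in the advisory, keyed by release train (major, minor).
FIXED = {(5, 1): (5, 1, 8), (5, 2): (5, 2, 6), (5, 3): (5, 3, 1)}

# "5.3.1", "5.3.1-alpha1", "5.3.1-rc1", or the same embedded in a longer banner.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(-[A-Za-z]+\d*)?")


def parse_version(text: str) -> tuple[int, int, int, bool]:
    """Return (major, minor, patch, is_prerelease) from a version string.

    Assumption: the string looks like '5.3.1' or '5.3.1-alpha1', which is the
    form `rec_control version` and `pdns_recursor --version` print; a packaging
    suffix such as '-1pdns' is not treated as a pre-release.
    """
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no version number found in {text!r}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    return major, minor, patch, m.group(4) is not None


def status(text: str) -> str:
    """'affected', 'fixed' or 'unlisted' according to the advisory's ranges."""
    major, minor, patch, pre = parse_version(text)
    train = (major, minor)
    if train in FIXED:
        fixed = FIXED[train]
        # A pre-release of the fixed version predates it and is still affected.
        if (major, minor, patch) > fixed or ((major, minor, patch) == fixed and not pre):
            return "fixed"
        return "affected"
    if train < (5, 1):
        # Assumption (not stated in the advisory): trains before 5.1 are past
        # end of life and received no fix, so treat them as affected.
        return "affected"
    return "unlisted"  # a newer train the advisory does not name


if __name__ == "__main__":
    import sys
    banner = sys.stdin.read() if not sys.stdin.isatty() else "5.2.5"
    print(f"{banner.strip()}: {status(banner)}")
```

   Pipe the output of `rec_control version` into the script on the resolver
   host; "affected" means one of the three fixed releases (or a newer one on
   the same train) is needed.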

   It has been brought to our attention that the Recursor does not apply
   strict enough validation to received delegation information. Malicious
   delegation information can be injected by an attacker spoofing packets.

   The updated versions of the Recursor apply strict validation of the
   received delegation information from authoritative servers. In versions
   5.2.6 and 5.3.1 the already existing validations are tightened further,
   while version 5.1.8 contains a full backport of the strict validations.
   Note that other vendors will release updated software to fix similar
   issues as well.
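   To make concrete what "strict validation of received delegation
   information" guards against, here is an added example that is not code
   from the advisory or from the Recursor: it applies the generic bailiwick
   rule to a referral, accepting only NS records for a zone below the one the
   queried server is authoritative for and only glue for nameservers inside
   that delegated zone. The data model (`Referral`, `Verdict`), the rules and
   the sample response are my own constructions; the Recursor's actual checks
   are not described on this page.

```python
"""Bailiwick checks for a DNS referral: which delegation data may be cached."""
from dataclasses import dataclass, field


def labels(name: str) -> tuple[str, ...]:
    """Normalise a domain name to a tuple of lowercase labels; the root is ()."""
    stripped = name.rstrip(".").lower()
    return tuple(stripped.split(".")) if stripped else ()


def is_subdomain(name: str, zone: str) -> bool:
    """True when name is zone itself or lies below it (everything is below the root)."""
    n, z = labels(name), labels(zone)
    if not z:
        return True
    return len(n) >= len(z) and n[-len(z):] == z


@dataclass
class Referral:
    """The parts of a referral response that matter for the check (constructed model)."""
    qname: str                    # name the resolver asked about
    ns: list[tuple[str, str]]     # authority section: (owner zone, NS target)
    glue: list[tuple[str, str]]   # additional section: (owner name, IPv4 address)


@dataclass
class Verdict:
    accepted_ns: list[tuple[str, str]] = field(default_factory=list)
    accepted_glue: list[tuple[str, str]] = field(default_factory=list)
    rejected: list[str] = field(default_factory=list)


def validate_referral(server_zone: str, r: Referral) -> Verdict:
    """Decide which delegation data from a referral may enter the cache.

    server_zone is the zone the queried server is known to be authoritative
    for (its bailiwick). Anything the response asserts about names outside
    that zone is untrusted and dropped rather than cached.
    """
    v = Verdict()
    owners = {labels(owner) for owner, _ in r.ns}
    if len(owners) != 1:
        v.rejected.append("authority section must describe exactly one delegation")
        return v
    child = r.ns[0][0]
    # Rule 1: the delegated zone must be strictly below the server's zone
    # (a sideways or upward delegation is a classic poisoning attempt) ...
    if labels(child) == labels(server_zone) or not is_subdomain(child, server_zone):
        v.rejected.append(f"delegation for {child} is outside the bailiwick of {server_zone}")
        return v
    # ... and must be an ancestor of, or equal to, the name we asked about.
    if not is_subdomain(r.qname, child):
        v.rejected.append(f"{child} is not an ancestor of the queried name {r.qname}")
        return v
    v.accepted_ns = list(r.ns)
    # Rule 2: glue is accepted only for the listed nameservers, and only when
    # the nameserver name itself lies inside the delegated zone; any other
    # address must be resolved separately instead of taken from this response.
    targets = {labels(target) for _, target in r.ns}
    for owner, addr in r.glue:
        if labels(owner) not in targets:
            v.rejected.append(f"glue for {owner} names no nameserver of {child}")
        elif not is_subdomain(owner, child):
            v.rejected.append(f"glue for {owner} is out of bailiwick for {child}")
        else:
            v.accepted_glue.append((owner, addr))
    return v


# Constructed sample: a referral for www.example.com. from a server for com.,
# padded with records an attacker might try to smuggle into the cache.
SAMPLE = Referral(
    qname="www.example.com.",
    ns=[("example.com.", "ns1.example.com."),
        ("example.com.", "ns2.example.net.")],
    glue=[("ns1.example.com.", "192.0.2.1"),      # in-zone nameserver: keep
          ("ns2.example.net.", "203.0.113.9"),    # nameserver outside the child zone
          ("ns1.example.org.", "198.51.100.7")],  # not a nameserver of the child at all
)

# Constructed sample: a sideways delegation that a com. server has no authority over.
SIDEWAYS = Referral(
    qname="www.example.com.",
    ns=[("example.net.", "ns1.example.net.")],
    glue=[("ns1.example.net.", "203.0.113.9")],
)

if __name__ == "__main__":
    for name, ref in (("sample", SAMPLE), ("sideways", SIDEWAYS)):
        verdict = validate_referral("com.", ref)
        print(name, "NS:", verdict.accepted_ns, "glue:", verdict.accepted_glue)
        for reason in verdict.rejected:
            print("  rejected:", reason)
```

   The point of the second rule is that a spoofed or fragment-injected
   response can only ever seed the cache with data the answering server is
   entitled to speak for; the rest is resolved through its own zone's
   servers.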

   Please refer to the changelogs (5.1.8[3], 5.2.6[4] and 5.3.1[5]) for
   additional details.

   Please send us all feedback and issues you might have via the mailing
   list[6], or in case of a bug, via GitHub[7].

   The tarballs (5.1.8[8], 5.2.6[9], 5.3.1[10]) (with signature files
   5.1.8[11], 5.2.6[12], 5.3.1[13]) are available from our
   download server[14] and packages for several distributions are
   available from our repository[15].

   Recently we made changes to our Open Source End of Life policy. Older
   release trains are now supported for one year after the following major
   release. Consult the EOL policy[16] for more details.

   We are grateful to the PowerDNS community for the reporting of bugs,
   issues, feature requests, and especially to the submitters of fixes and
   implementations of features.

References

   1. https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L&version=3.1
   2. https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L&version=3.1
   3. https://doc.powerdns.com/recursor/changelog/5.1.html#change-5.1.8
   4. https://doc.powerdns.com/recursor/changelog/5.2.html#change-5.2.6
   5. https://doc.powerdns.com/recursor/changelog/5.3.html#change-5.3.1
   6. https://mailman.powerdns.com/mailman/listinfo/pdns-users
   7. https://github.com/PowerDNS/pdns/issues/new/choose
   8. https://downloads.powerdns.com/releases/pdns-recursor-5.1.8.tar.bz2
   9. https://downloads.powerdns.com/releases/pdns-recursor-5.2.6.tar.bz2
  10. https://downloads.powerdns.com/releases/pdns-recursor-5.3.1.tar.xz
  11. https://downloads.powerdns.com/releases/pdns-recursor-5.1.8.tar.bz2.sig
  12. https://downloads.powerdns.com/releases/pdns-recursor-5.2.6.tar.bz2.sig
  13. https://downloads.powerdns.com/releases/pdns-recursor-5.3.1.tar.xz.sig
  14. https://downloads.powerdns.com/releases/
  15. https://repo.powerdns.com/
  16. https://docs.powerdns.com/recursor/appendices/EOL.html


--

kind regards,
Otto Moerbeek
Developer PowerDNS


Phone: +49 2761 75252 00 Fax: +49 2761 75252 30
Email: otto.moerbeek@...n-xchange.com


-------------------------------------------------------------------------------------
Open-Xchange AG, Hohenzollernring 72, 50672 Cologne, District Court Cologne HRB 95366
Managing Board: Andreas Gauger, Dirk Valbert
Chairman of the Board: Dr. Paul-Josef Patt

PowerDNS.com B.V., Koninginnegracht 5, 2514 AA Den Haag, The Netherlands
Managing Director: Robert Brandt
-------------------------------------------------------------------------------------