powerdns-recursor -- insufficient validation of DNSSEC signatures
PowerDNS Security Advisory reports:
An issue has been found in the DNSSEC validation component of
PowerDNS Recursor, allowing an ancestor delegation NSEC or NSEC3
record to be used to wrongfully prove the non-existence of a RR
below the owner name of that record. This would allow an attacker in
position of man-in-the-middle to send a NXDOMAIN answer for a name
that does exist.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright