CVE-2020-10995 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-10995 Interim 1 19 2025-02-17T01:32:24Z current 2021-05-30T14:39:07Z 2025-02-17T01:32:24Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-10995 PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LEZPG4GM5KFH6L7EPATOSNLDHKRJP667/ E-Mail link for openSUSE-SU-2020:0698-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 12 SP1 SUSE Package Hub 15 SP1 openSUSE Leap 15.1 openSUSE Tumbleweed pdns-recursor-4.1.12-bp151.4.3.1 pdns-recursor-4.1.12-lp151.3.3.1 pdns-recursor-4.1.16-19.1 pdns-recursor-4.5.5-1.3 pdns-recursor-4.1.16-19.1 as a component of SUSE Package Hub 12 SP1 pdns-recursor-4.1.12-bp151.4.3.1 as a component of SUSE Package Hub 15 SP1 pdns-recursor-4.1.12-lp151.3.3.1 as a component of openSUSE Leap 15.1 pdns-recursor-4.5.5-1.3 as a component of openSUSE Tumbleweed PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue. CVE-2020-10995 SUSE Package Hub 12 SP1:pdns-recursor-4.1.16-19.1 SUSE Package Hub 15 SP1:pdns-recursor-4.1.12-bp151.4.3.1 openSUSE Leap 15.1:pdns-recursor-4.1.12-lp151.3.3.1 openSUSE Tumbleweed:pdns-recursor-4.5.5-1.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H