Fortinet Discovers PowerDNS Recursor HTML/Script Injection Vulnerability
Fortinet's FortiGuard Labs has discovered a HTML/Script injection vulnerability in the web interface of PowerDNS Recursor.
PowerDNS Recursor is a high-end, high-performance resolving name server which powers the DNS resolution of at least a hundred million subscribers. Utilizing multiple processors and supporting the same powerful scripting ability of the Authoritative Server, Recursor delivers top performance while retaining the flexibility modern DNS deployments require.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Oct 22, 2017
Users should apply the solution provided by PowerDNS.
Fortinet reported the vulnerability to PowerDNS on Aug. 7, 2017.
PowerDNS confirmed the vulnerability on Aug. 8, 2017.
PowerDNS patched the vulnerability on Nov. 27, 2017.
This vulnerability was discovered by Chris Navarrete of Fortinet's FortiGuard Labs.