Updates to the authoritative DNS server PowerDNS Authoritative Server have been released: versions 4.3.1, 4.2.3 and 4.1.14, which fix four vulnerabilities, two of which could potentially lead to remote code execution by an attacker.
The vulnerabilities CVE-2020-24696, CVE-2020-24697 and CVE-2020-24698 affect the code implementing the GSS-TSIG key exchange mechanism. They appear only when PowerDNS is built with GSS-TSIG support ("--enable-experimental-gss-tsig", not enabled by default) and can be exploited by sending a specially crafted network packet. The race condition and double free, CVE-2020-24696 and CVE-2020-24698, can lead to a crash or to execution of attacker code when requests with malformed GSS-TSIG signatures are processed. CVE-2020-24697 is limited to denial of service. Because the GSS-TSIG code is not used by default, including in distribution packages, and may contain other problems, it was decided to remove it completely in the PowerDNS Authoritative 4.4.0 release.
CVE-2020-17482 can lead to an information leak from uninitialized process memory, but it occurs only when processing requests from authorized users who are able to add new records to the DNS zones served by the server.
Source: opennet.ru