PowerDNS Authoritative < 4.0.5 Read Only Configuration Bypass (CVE-2017-15091)
Medium Nessus Plugin ID 106192
SynopsisThe remote name server is affected by a configuration bypass vulnerability.
DescriptionAccording to its self-reported version number, the version of the PowerDNS Authoritative listening on the remote host is prior to 4.0.5. It is, therefore, affected by a vulnerability in the API where a remote authenticated attacker can perform operations that affect the server state even if the api-readonly configuration is enabled.
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
Also, Nessus has not checked for the presence of the patch.
SolutionUpgrade to PowerDNS Authoritative 4.0.5 or later. Alternatively, apply the patches referenced in the vendor advisories.