漏洞类型: - 缓存中毒:Crafted delegations or IP fragments can poison cached delegations in Recursor - 拒绝服务:Multiple advisories related to Denial of Service, including crafted responses leading to denial of service, crafted DNSSEC records, and insufficient validation issues - 缓存问题:Cache pollution via crafted query - 访问控制绕过:Access restriction bypass - 信息泄露:Information disclosure - DNSSEC签名验证不足:Insufficient validation of DNSSEC signatures and TSIG signatures - 配置文件注入:Configuration file injection in the API - 跨站脚本攻击:Cross-Site Scripting in the web interface - CPU异常使用:Crafted queries can cause abnormal CPU usage - 标签解压缩错误:Label decompression bug can cause crashes or CPU spikes - 遥控崩溃:PowerDNS Recursor can be crashed remotely 漏洞影响: - PowerDNS Recursor 的多个版本受不同漏洞影响,可能导致系统崩溃、服务中断、信息泄露等问题 其他: - 每个安全公告都附有详细描述,如受影响版本、漏洞描述、缓解措施等 - 安全公告按时间排序列出,方便用户查找和了解最新安全问题