Lucene search
GoogleOSV:DSA-1963-1HistoryDec 23, 2009 - 12:00 a.m.
unbound - DNSSEC validation
2009-12-2300:00:00
Google
osv.dev
7
EPSS
0.008
Percentile
81.7%
It was discovered that Unbound, a DNS resolver, does not properly
check cryptographic signatures on NSEC3 records. As a result, zones
signed with the NSEC3 variant of DNSSEC lose their cryptographic
protection. (An attacker would still have to carry out an ordinary
cache poisoning attack to add bad data to the cache.)
The old stable distribution (etch) does not contain an unbound
package.
For the stable distribution (lenny), this problem has been fixed in
version 1.0.2-1+lenny1.
For the unstable distribution (sid) and the testing distribution
(squeeze), this problem has been fixed in version 1.3.4-1.
We recommend that you upgrade your unbound package.
References
Related
openvas
openvas
Debian Security Advisory DSA 1963-1 (unbound)
2009-12-30 00:00:00
Debian: Security Advisory (DSA-1963-1)
2009-12-30 00:00:00
Unbound DNS Server NSEC3 Signature Verification DNS Spoofing Vulnerability
2010-01-04 00:00:00
nessus
nessus
Unbound < 1.3.4 NSEC3 Signature Verification DNS Spoofing Vulnerability (CVE-2009-3602)
2018-01-26 00:00:00
openSUSE Security Update : unbound (unbound-2015)
2010-02-23 00:00:00
openSUSE Security Update : unbound (unbound-2015)
2010-02-23 00:00:00
nvd
nvd
CVE-2009-3602
2009-10-13 10:30:00
cve
cve
CVE-2009-3602
2009-10-13 10:30:00
debian
debian
[SECURITY] [DSA 1963-1] New unbound packages fix DNSSEC validation
2009-12-23 20:35:17
cvelist
cvelist
CVE-2009-3602
2009-10-13 10:00:00
debiancve
debiancve
CVE-2009-3602
2009-10-13 10:30:00
ubuntucve
ubuntucve
CVE-2009-3602
2009-10-13 00:00:00
prion
prion
Design/Logic Flaw
2009-10-13 10:30:00