4 matches found
unbound: Unbound domain hijacking via promiscuous records
A domain hijacking flaw has been discovered in NLNet Lab's Unbound project. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are used to update the resolver'...
Amazon Linux 2023 : python3-unbound, unbound, unbound-anchor (ALAS2023-2025-1315)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1315 advisory. NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to...
FreeBSD Security Advisory - FreeBSD-SA-25:10.unbound
FreeBSD Security Advisory - Promiscuous NS RRSets that complement DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are used to update the resolver's knowledge of the zone's name servers. If a malicious...
PT-2025-43065
Name of the Vulnerable Software and Affected Versions NLnet Labs Unbound versions up to and including 1.24.0 Description Unbound is susceptible to domain hijack attacks through the manipulation of DNS responses. Specifically, maliciously crafted NS Resource Record Sets RRSets included in replies...