Cryptographic Issues Affecting unbound package, versions <1.3.4-1
Snyk CVSS
- Attack Complexity: Low
Threat Intelligence
- EPSS: 0.8% (82nd percentile)
- Snyk ID SNYK-DEBIAN10-UNBOUND-320312
- published 13 Oct 2009
- disclosed 13 Oct 2009
Introduced: 13 Oct 2009
CVE-2009-3602
How to fix?
Upgrade Debian:10 unbound to version 1.3.4-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream unbound package and not the unbound package as distributed by Debian. See "How to fix?" for Debian:10 relevant fixed versions and status.
Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.
References
- ADVISORY
- Debian Security Advisory
- http://osvdb.org/58836
- http://unbound.net/pipermail/unbound-users/2009-October/000852.html
- http://www.vupen.com/english/advisories/2009/2875
- http://xforce.iss.net/xforce/xfdb/53729
- OSS security Advisory
- OSS security Advisory
- Secunia Advisory
- Secunia Advisory
- X-force Vulnerability Report