CVE-2009-3602
HIGH severity · CVSS 7.5 · CWE-310
Summary
Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.
Impact & exploitability
Attack vector: Network
Attack complexity: Low
Privileges required: —
User interaction: —
Confidentiality impact: —
Integrity impact: —
Availability impact: —
Exploit probability (EPSS): 3%
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://secunia.com/advisories/36996 (Advisory)
- http://unbound.net/pipermail/unbound-users/2009-October/000852.html (Advisory)
- http://www.vupen.com/english/advisories/2009/2875 (Advisory)
- http://osvdb.org/58836
- http://secunia.com/advisories/37913
- http://www.debian.org/security/2009/dsa-1963
- http://www.openwall.com/lists/oss-security/2009/10/09/2
- http://www.openwall.com/lists/oss-security/2009/10/09/3