Unbound DNS Server NSEC3 Signature Verification DNS Spoofing Vulnerability Network Vulnerability

Summary

Unbound DNS Server is prone to a DNS-spoofing vulnerability. Successful exploits allow remote attackers to spoof delegation responses so as to downgrade secure delegations to insecure status, which may aid in further attacks. Versions prior to Unbound 1.3.4 are vulnerable.

Solution

Updates are available. Please see the references for details.

References

http://unbound.net/index.html
http://unbound.net/pipermail/unbound-users/2009-October/000852.html
http://www.securityfocus.com/bid/37459

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3602

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Windows)
Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X
Adobe Acrobat Multiple Vulnerabilities-01 Sep14 (Mac OS X)
Adobe Air Multiple Vulnerabilities June-2012 (Windows)
Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)

Take action and discover your vulnerabilities