Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.
| Link | Tags |
|---|---|
| http://secunia.com/advisories/37913 | third party advisory |
| http://www.openwall.com/lists/oss-security/2009/10/09/3 | mailing list |
| http://secunia.com/advisories/36996 | third party advisory vendor advisory |
| http://unbound.net/pipermail/unbound-users/2009-October/000852.html | mailing list vendor advisory |
| http://www.vupen.com/english/advisories/2009/2875 | vdb entry vendor advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53729 | vdb entry |
| http://www.openwall.com/lists/oss-security/2009/10/09/2 | mailing list |
| http://osvdb.org/58836 | vdb entry |
| http://www.debian.org/security/2009/dsa-1963 | vendor advisory |