oss-sec mailing list archives
CVE request: Unbound
From: Florian Weimer <fw () deneb enyo de>
Date: Fri, 09 Oct 2009 19:33:50 +0000
Unbound before 1.3.4 does not check the signatures on NSEC3 records under unspecified conditions, enabling attackers who can perform DNS spoofing to downgrade existing secure delegations to insecure status, which then can be targeted in further spoofing attacks. <http://unbound.net/pipermail/unbound-users/2009-October/000852.html> (Older versions, back to 1.0.x, are also affected.)
Current thread:
- CVE request: Unbound Florian Weimer (Oct 09)
- Re: CVE request: Unbound Josh Bressers (Oct 09)