Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2009-3602 | First vendor Publication | 2009-10-13 |
Vendor | Cve | Last vendor Modification | 2017-08-17 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3602 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-310 | Cryptographic Issues |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13307 | |||
Oval ID: | oval:org.mitre.oval:def:13307 | ||
Title: | DSA-1963-1 unbound -- cryptographic implementation error | ||
Description: | It was discovered that Unbound, a DNS resolver, does not properly check cryptographic signatures on NSEC3 records. As a result, zones signed with the NSEC3 variant of DNSSEC lose their cryptographic protection. The old stable distribution does not contain an unbound package. For the stable distribution, this problem has been fixed in version 1.0.2-1+lenny1. For the unstable distribution and the testing distribution, this problem has been fixed in version 1.3.4-1. We recommend that you upgrade your unbound package. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1963-1 CVE-2009-3602 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | unbound |
Definition Id: oval:org.mitre.oval:def:7571 | |||
Oval ID: | oval:org.mitre.oval:def:7571 | ||
Title: | DSA-1963 unbound -- cryptographic implementation error | ||
Description: | It was discovered that Unbound, a DNS resolver, does not properly check cryptographic signatures on NSEC3 records. As a result, zones signed with the NSEC3 variant of DNSSEC lose their cryptographic protection. The old stable distribution does not contain an unbound package. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1963 CVE-2009-3602 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | unbound |
OpenVAS Exploits
Date | Description |
---|---|
2010-01-04 | Name : Unbound DNS Server NSEC3 Signature Verification DNS Spoofing Vulnerability File : nvt/unbound_37459.nasl |
2009-12-30 | Name : Debian Security Advisory DSA 1963-1 (unbound) File : nvt/deb_1963_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
58836 | Unbound NSEC3 Record Signature Check Validation Bypass: Unbound contains a flaw that may allow a malicious user to bypass NSEC3 record signature checks. The issue is triggered when a malicious user sends a specially crafted delegation response in spoofed DNS packets. It is possible that the flaw may allow a secure delegation to be downgraded to insecure, resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1963.nasl - Type : ACT_GATHER_INFO |
2010-02-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_unbound-100218.nasl - Type : ACT_GATHER_INFO |
2010-02-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_unbound-100218.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2021-05-05 01:06:18 |
2021-05-04 12:10:18 |
2021-04-22 01:10:43 |
2020-05-23 01:40:57 |
2020-05-23 00:24:26 |
2017-08-17 09:22:44 |
2016-06-28 17:51:37 |
2016-04-26 19:11:32 |
2014-02-17 10:51:55 |
2013-05-10 23:59:17 |