Vulnerability Description
Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nlnetlabs | Unbound | <= 1.3.3 |
Related Weaknesses (CWE)
References
- http://osvdb.org/58836
- http://secunia.com/advisories/36996Vendor Advisory
- http://secunia.com/advisories/37913
- http://unbound.net/pipermail/unbound-users/2009-October/000852.htmlVendor Advisory
- http://www.debian.org/security/2009/dsa-1963
- http://www.openwall.com/lists/oss-security/2009/10/09/2
- http://www.openwall.com/lists/oss-security/2009/10/09/3
- http://www.vupen.com/english/advisories/2009/2875Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53729
- http://osvdb.org/58836
- http://secunia.com/advisories/36996Vendor Advisory
- http://secunia.com/advisories/37913
- http://unbound.net/pipermail/unbound-users/2009-October/000852.htmlVendor Advisory
- http://www.debian.org/security/2009/dsa-1963
- http://www.openwall.com/lists/oss-security/2009/10/09/2
FAQ
What is CVE-2009-3602?
CVE-2009-3602 is a vulnerability with a CVSS score of 7.5 (HIGH). Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in ...
How severe is CVE-2009-3602?
CVE-2009-3602 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3602?
Check the references section above for vendor advisories and patch information. Affected products include: Nlnetlabs Unbound.