ID CVE-2011-4869
Summary validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly perform proof processing for NSEC3-signed zones, which allows remote DNS servers to cause a denial of service (daemon crash) via a malformed response that lacks expected NSEC3 records, a different vulnerability than CVE-2011-4528.
References
Vulnerable Configurations
  • cpe:2.3:a:unbound:unbound:0.0:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:0.1:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:0.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:0.09:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:0.09:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:0.10:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:0.11:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:1.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:1.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:unbound:unbound:*:*:*:*:*:*:*:*
    cpe:2.3:a:unbound:unbound:*:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 29-08-2017 - 01:30)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
refmap via4
cert-vn VU#209659
confirm http://unbound.nlnetlabs.nl/downloads/CVE-2011-4528.txt
debian DSA-2370
fedora
  • FEDORA-2011-17282
  • FEDORA-2011-17337
osvdb 77910
secunia 47326
xf unbound-nsec3-dos(71868)
Last major update 29-08-2017 - 01:30
Published 20-12-2011 - 11:55
Last modified 29-08-2017 - 01:30
Back to Top