fkie_nvd - fkie_cve-2009-3602

fkie_cve-2009-3602

Vulnerability from fkie_nvd

Published

2009-10-13 10:30

Modified

2025-04-09 00:30

Severity ?

Summary

Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.

References

URL	Tags
secalert@redhat.com	http://osvdb.org/58836
secalert@redhat.com	http://secunia.com/advisories/36996	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/37913
secalert@redhat.com	http://unbound.net/pipermail/unbound-users/2009-October/000852.html	Vendor Advisory
secalert@redhat.com	http://www.debian.org/security/2009/dsa-1963
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2009/10/09/2
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2009/10/09/3
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/2875	Vendor Advisory
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/53729
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/58836
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36996	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37913
af854a3a-2127-422b-91ae-364da2661108	http://unbound.net/pipermail/unbound-users/2009-October/000852.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1963
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2009/10/09/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2009/10/09/3
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2875	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/53729

Impacted products

Vendor	Product	Version
nlnetlabs	unbound	*
nlnetlabs	unbound	0.0
nlnetlabs	unbound	0.1
nlnetlabs	unbound	0.2
nlnetlabs	unbound	0.3
nlnetlabs	unbound	0.4
nlnetlabs	unbound	0.5
nlnetlabs	unbound	0.6
nlnetlabs	unbound	0.7
nlnetlabs	unbound	0.7.1
nlnetlabs	unbound	0.7.2
nlnetlabs	unbound	0.8
nlnetlabs	unbound	0.09
nlnetlabs	unbound	0.10
nlnetlabs	unbound	0.11
nlnetlabs	unbound	1.0.0
nlnetlabs	unbound	1.0.1
nlnetlabs	unbound	1.0.2
nlnetlabs	unbound	1.1.0
nlnetlabs	unbound	1.1.1
nlnetlabs	unbound	1.2.0
nlnetlabs	unbound	1.2.1
nlnetlabs	unbound	1.3.0
nlnetlabs	unbound	1.3.1
nlnetlabs	unbound	1.3.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7158CA2-29DF-4705-96DF-4166D43FB0B3",
              "versionEndIncluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C91D9B3-201C-4090-8AB7-22B3B017C9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54DA5D37-9D1E-483D-AD56-FD9B32BE62BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD25EC11-5C51-4072-AFBC-CB6C7173E1EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "19BD88F4-8CF7-4C02-9A68-0F57A5C221AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FBA46C5-4E08-4B9F-897B-05DE3AF9A10D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C96D1B54-4C99-4B36-97A5-40D7A3691041",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D62F9F20-8A6E-4736-A3ED-879BCE4E4F89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "52C42FEA-5001-41D4-8CA3-A25D8CB0A9B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "29B38799-BBFD-42B3-8DF3-1C2957BEE205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ADE80A0-3D9D-4C4E-859B-E0A7EE5A3C3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "785E8B09-CC33-4812-923F-3168FA73B814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3F22E5E-185B-411E-BD1A-9F2774F87E93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "798B325D-4612-493C-BDF3-D09F9AF99C75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "28DF2FEF-AED3-43C3-8877-EB5A724232BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA2F7047-5435-4616-8357-B72BB3F9A600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05137329-C056-4E1E-811E-0AF2899E9EE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "850E4420-3B05-4F99-A4C6-AD22E127E7DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6A23044-AB7D-4303-804B-11ADC8CF4CD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DFA469-124B-4F6A-9D86-2B615CC1F5B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D463CB7-2B65-4A4D-8AC2-35F6C51CAC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7701F4B-6FF1-463E-BF6D-6B7EA96DB192",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "661E72ED-666D-4532-B503-683E2C84686F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDF5BCB9-1950-4099-8E08-5D1CBF6749FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "04981A8D-F3F8-4D83-818B-775E8FE9CE77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses."
    },
    {
      "lang": "es",
      "value": "Unbound anterior v1.3.4 no comprueba las firmas para registros NSEC3, lo que permite a atacantes remotos causar una delegaci\u00f3n de seguridad para ser descargada a trav\u00e9s de suplantaci\u00f3n de DNS u otros ataques relativos al DNS conjuntamente con respuestas de delegaci\u00f3n manipuladas."
    }
  ],
  "id": "CVE-2009-3602",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-10-13T10:30:00.657",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/58836"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36996"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37913"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://unbound.net/pipermail/unbound-users/2009-October/000852.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2009/dsa-1963"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2009/10/09/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2009/10/09/3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2875"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/58836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36996"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37913"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://unbound.net/pipermail/unbound-users/2009-October/000852.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1963"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2009/10/09/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2009/10/09/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2875"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53729"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2009-3602 (GCVE-0-2009-3602)

Vulnerability from cvelistv5

Published

2009-10-13 10:00