ID CVE-2009-3602
Summary Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.
Vulnerable Configurations
  • cpe:2.3:a:nlnetlabs:unbound:0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:0.09:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:-:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:1.2.1:-:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:1.2.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:1.3.0:-:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:1.3.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:1.3.1:-:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:1.3.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:1.3.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:nlnetlabs:unbound:1.3.3:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-08-2017 - 01:31)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
debian DSA-1963
mlist
  • [Unbound-users] 20091007 Release of unbound 1.3.4
  • [oss-security] 20091009 CVE request: Unbound
  • [oss-security] 20091009 Re: CVE request: Unbound
osvdb 58836
secunia
  • 36996
  • 37913
vupen ADV-2009-2875
xf unbound-nsec3-security-bypass(53729)
Last major update 17-08-2017 - 01:31
Published 13-10-2009 - 10:30
Last modified 17-08-2017 - 01:31