[Unbound-users] VU#209659 CVE-2011-4528: Unbound denial of service vulnerabilities from nonstandard redirection and denial of existence
fw at deneb.enyo.de
Thu Dec 22 18:47:47 UTC 2011

* Florian Weimer:
> * W. C. A. Wijngaards:

>> Subject: Unbound denial of service vulnerabilities from nonstandard
>> redirection and denial of existence [ VU#209659 CVE-2011-4528 ]

>> These two problems were discovered within 24 hours, hence a combined
>> vulnerability disclosure.

> I believe that CVE-2011-4528 only applies to this issue:

I should have mentioned my opinion is based on CD:SF-LOC item 2:

>> == Description 1: crash on signed duplicate Resource Records

> For the other issue, no CVE identifier has been assigned yet, it

I've noticed that CVE-2011-4869 has been assigned to the second issue:

| validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly
| perform proof processing for NSEC3-signed zones, which allows remote
| DNS servers to cause a denial of service (daemon crash) via a
| malformed response that lacks expected NSEC3 records, a different
| vulnerability than CVE-2011-4528.

Thanks for providing minimal patches, this helps a lot!