[Unbound-users] VU#209659 CVE-2011-4528: Unbound denial of service vulnerabilities from nonstandard redirection and denial of existence
Florian Weimer
fw at deneb.enyo.de
Thu Dec 22 18:47:47 UTC 2011
* Florian Weimer:
> * W. C. A. Wijngaards:
>
>> Subject: Unbound denial of service vulnerabilities from nonstandard
>> redirection and denial of existence [ VU#209659 CVE-2011-4528 ]
>
>> These two problems were discovered within 24 hours, hence a combined
>> vulnerability disclosure.
>
> I believe that CVE-2011-4528 only applies to this issue:

I should have mentioned my opinion is based on CD:SF-LOC item 2:

<http://cve.mitre.org/cve/editorial_policies/cd_overview.html>

>> == Description 1: crash on signed duplicate Resource Records
>
> For the other issue, no CVE identifier has been assigned yet, it
> appears.

I've noticed that CVE-2011-4869 has been assigned to the second issue:

| validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly
| perform proof processing for NSEC3-signed zones, which allows remote
| DNS servers to cause a denial of service (daemon crash) via a
| malformed response that lacks expected NSEC3 records, a different
| vulnerability than CVE-2011-4528.

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4869>

Thanks for providing minimal patches, this helps a lot!