CVE-2009-3602
First published: Tue Oct 13 2009(Updated: )
Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| libunbound | =0.8 | |
| libunbound | =1.2.1 | |
| libunbound | =1.0.1 | |
| libunbound | =1.1.0 | |
| libunbound | =0.0 | |
| libunbound | =0.10 | |
| libunbound | =1.3.0 | |
| libunbound | =0.09 | |
| libunbound | =1.0.0 | |
| libunbound | =0.7.2 | |
| libunbound | =1.1.1 | |
| libunbound | =0.11 | |
| libunbound | <=1.3.3 | |
| libunbound | =1.3.2 | |
| libunbound | =1.3.1 | |
| libunbound | =0.4 | |
| libunbound | =0.7 | |
| libunbound | =0.2 | |
| libunbound | =0.1 | |
| libunbound | =0.7.1 | |
| libunbound | =1.2.0 | |
| libunbound | =1.0.2 | |
| libunbound | =0.5 | |
| libunbound | =0.6 | |
| libunbound | =0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vupen.com/english/advisories/2009/2875
- http://secunia.com/advisories/36996
- http://www.openwall.com/lists/oss-security/2009/10/09/2
- http://www.openwall.com/lists/oss-security/2009/10/09/3
- http://osvdb.org/58836
- http://unbound.net/pipermail/unbound-users/2009-October/000852.html
- http://www.debian.org/security/2009/dsa-1963
- http://secunia.com/advisories/37913
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53729
Frequently Asked Questions
What is the severity of CVE-2009-3602?
CVE-2009-3602 has a high severity rating due to its potential to enable DNS spoofing attacks.
How do I fix CVE-2009-3602?
To fix CVE-2009-3602, upgrade the Unbound software to version 1.3.4 or later.
What impact does CVE-2009-3602 have on affected systems?
CVE-2009-3602 may allow remote attackers to downgrade secure DNS delegations, compromising the integrity of DNS responses.
Which versions of Unbound are affected by CVE-2009-3602?
CVE-2009-3602 affects Unbound versions prior to 1.3.4, including several earlier releases.
Is there a workaround for CVE-2009-3602 if I cannot update Unbound?
If unable to update, consider implementing additional DNS security measures, but upgrading to the patched version is recommended.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/nlnetlabs
- canonical/libunbound
- version/libunbound/0.8
- version/libunbound/1.2.1
- version/libunbound/1.0.1
- version/libunbound/1.1.0
- version/libunbound/0.0
- version/libunbound/0.10
- version/libunbound/1.3.0
- version/libunbound/0.09
- version/libunbound/1.0.0
- version/libunbound/0.7.2
- version/libunbound/1.1.1
- version/libunbound/0.11
- version/libunbound/1.3.3
- version/libunbound/1.3.2
- version/libunbound/1.3.1
- version/libunbound/0.4
- version/libunbound/0.7
- version/libunbound/0.2
- version/libunbound/0.1
- version/libunbound/0.7.1
- version/libunbound/1.2.0
- version/libunbound/1.0.2
- version/libunbound/0.5
- version/libunbound/0.6
- version/libunbound/0.3