Vulnerability CVE-2017-15105: Information
Description
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.
Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| unbound | sisyphus | 1.7.0-alt1 | 1.19.3-alt1 | ALT-PU-2018-1477-1 | 202823 | Fixed |
| unbound | p10 | 1.7.0-alt1 | 1.19.3-alt1 | ALT-PU-2018-1477-1 | 202823 | Fixed |
| unbound | p9 | 1.7.0-alt1 | 1.19.3-alt1 | ALT-PU-2018-1477-1 | 202823 | Fixed |
| unbound | p8 | 1.7.0-alt0.M80P.1 | 1.11.0-alt0.M80P.1 | ALT-PU-2018-1478-1 | 202824 | Fixed |
| unbound | c10f1 | 1.7.0-alt1 | 1.19.2-alt1 | ALT-PU-2018-1477-1 | 202823 | Fixed |
| unbound | c9f2 | 1.7.0-alt1 | 1.19.2-alt1 | ALT-PU-2018-1477-1 | 202823 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://unbound.net/downloads/CVE-2017-15105.txt |
|
| 102817 |
|
| [debian-lts-announce] 20180130 [SECURITY] [DLA 1264-1] unbound security update |
|
| USN-3673-1 |
|
| [debian-lts-announce] 20190214 [SECURITY] [DLA 1676-1] unbound security update |
|