CVE-2009-3602
Debian Linux Security Advisory 1963-1
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.
Unbound anterior v1.3.4 no comprueba las firmas para registros NSEC3, lo que permite a atacantes remotos causar una delegación de seguridad para ser descargada a través de suplantación de DNS u otros ataques relativos al DNS conjuntamente con respuestas de delegación manipuladas.
It was discovered that Unbound, a DNS resolver, does not properly check cryptographic signatures on NSEC3 records. As a result, zones signed with the NSEC3 variant of DNSSEC lose their cryptographic protection. (An attacker would still have to carry out an ordinary cache poisoning attack to add bad data to the cache.)
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-10-09 CVE Reserved
- 2009-10-13 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/58836 | Vdb Entry | |
| http://secunia.com/advisories/37913 | Third Party Advisory | |
| http://www.openwall.com/lists/oss-security/2009/10/09/2 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2009/10/09/3 | Mailing List |
|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53729 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/36996 | 2017-08-17 | |
| http://unbound.net/pipermail/unbound-users/2009-October/000852.html | 2017-08-17 | |
| http://www.debian.org/security/2009/dsa-1963 | 2017-08-17 | |
| http://www.vupen.com/english/advisories/2009/2875 | 2017-08-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | <= 1.3.3 Search vendor "Nlnetlabs" for product "Unbound" and version " <= 1.3.3" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 0.0 Search vendor "Nlnetlabs" for product "Unbound" and version "0.0" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 0.1 Search vendor "Nlnetlabs" for product "Unbound" and version "0.1" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 0.2 Search vendor "Nlnetlabs" for product "Unbound" and version "0.2" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 0.3 Search vendor "Nlnetlabs" for product "Unbound" and version "0.3" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 0.4 Search vendor "Nlnetlabs" for product "Unbound" and version "0.4" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 0.5 Search vendor "Nlnetlabs" for product "Unbound" and version "0.5" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 0.6 Search vendor "Nlnetlabs" for product "Unbound" and version "0.6" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 0.7 Search vendor "Nlnetlabs" for product "Unbound" and version "0.7" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 0.7.1 Search vendor "Nlnetlabs" for product "Unbound" and version "0.7.1" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 0.7.2 Search vendor "Nlnetlabs" for product "Unbound" and version "0.7.2" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 0.8 Search vendor "Nlnetlabs" for product "Unbound" and version "0.8" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 0.09 Search vendor "Nlnetlabs" for product "Unbound" and version "0.09" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 0.10 Search vendor "Nlnetlabs" for product "Unbound" and version "0.10" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 0.11 Search vendor "Nlnetlabs" for product "Unbound" and version "0.11" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 1.0.0 Search vendor "Nlnetlabs" for product "Unbound" and version "1.0.0" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 1.0.1 Search vendor "Nlnetlabs" for product "Unbound" and version "1.0.1" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 1.0.2 Search vendor "Nlnetlabs" for product "Unbound" and version "1.0.2" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 1.1.0 Search vendor "Nlnetlabs" for product "Unbound" and version "1.1.0" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 1.1.1 Search vendor "Nlnetlabs" for product "Unbound" and version "1.1.1" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 1.2.0 Search vendor "Nlnetlabs" for product "Unbound" and version "1.2.0" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 1.2.1 Search vendor "Nlnetlabs" for product "Unbound" and version "1.2.1" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 1.3.0 Search vendor "Nlnetlabs" for product "Unbound" and version "1.3.0" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 1.3.1 Search vendor "Nlnetlabs" for product "Unbound" and version "1.3.1" | - |
Affected
| ||||||
| Nlnetlabs Search vendor "Nlnetlabs" | Unbound Search vendor "Nlnetlabs" for product "Unbound" | 1.3.2 Search vendor "Nlnetlabs" for product "Unbound" and version "1.3.2" | - |
Affected
| ||||||