Main Vulnerability Database SB2011060201

SB2011060201 - Resource management error in Unbound

Published: June 2, 2011 Updated: August 11, 2020

Security Bulletin ID SB2011060201

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: CVE-2009-4008)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query.

Remediation

Install update from vendor's website.

References

http://packages.debian.org/changelogs/pool/main/u/unbound/unbound_1.4.6-1/changelog
http://unbound.nlnetlabs.nl/downloads/unbound-1.4.4.tar.gz
http://www.debian.org/security/2011/dsa-2243