Vulnerability identifier: #VU66547
Vulnerability risk: Medium
Exploitation vector: Network
Exploit availability: No
Vendor: NLnet Labs
The vulnerability allows a remote attacker to poison DNS cache.
The vulnerability exists due to the way Unbound handles delegation information expiration event. A remote attacker who controls a rouge DNS server can force the Unbound instance to cache incorrect information about domain delegation and permanently poison the DNS cache, e.g. perform the "ghost domain names" attack.
The attack is perform when Unbound is queried for a rogue domain name, which cached delegation information is about to expire. The rogue nameserver delays the response until the cached delegation information expires. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries.
Install updates from vendor's website.
Vulnerable software versions
Unbound: 1.0.0 - 1.16.1 rc1
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?