Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.3
CVSSv3

CVE-2017-15105

Published: 23/01/2018 Updated: 09/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Unbound

Vulnerability Summary

A flaw was found in the way unbound prior to 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.

Vulnerable Product Search on Vulmon Subscribe to Product

nlnetlabs unbound

debian debian linux 8.0

debian debian linux 7.0

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 18.04

canonical ubuntu linux 17.10

Vendor Advisories

Debian CVElist Bug Report Logs: unbound: CVE-2017-15105: vulnerability in the processing of wildcard synthesized NSEC records
Debian Bug report logs - #887733 unbound: CVE-2017-15105: vulnerability in the processing of wildcard synthesized NSEC records Package: src:unbound; Maintainer for src:unbound is unbound packagers <unbound@packagesdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 19 Jan 2018 13:57:02 UTC ...
Ubuntu Security Notice: unbound vulnerability
A security issue was fixed in Unbound ...
Red Hat: CVE-2017-15105
A flaw was found in the way unbound validated wildcard-synthesized NSEC records An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof ...

Github Repositories

https://github.com/ibauersachs/dnssecjava

A DNSSEC validating stub resolver for Java.

Archival notice dnssecjava was merged into dnsjava and is a built-in resolver from v350 on dnssecjava A DNSSEC validating stub resolver for Java Is this library safe to use? Maybe There's been no audit of the code so far, so there are absolutely no guarantees The rest depends currently on your use case: the proof that a positive response is correct should be saf

References

CWE-20https://unbound.net/downloads/CVE-2017-15105.txthttp://www.securityfocus.com/bid/102817https://lists.debian.org/debian-lts-announce/2018/01/msg00039.htmlhttps://usn.ubuntu.com/3673-1/https://lists.debian.org/debian-lts-announce/2019/02/msg00022.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887733https://usn.ubuntu.com/3673-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook