* Florian Weimer:

> * W. C. A. Wijngaards:
>
>> Subject: Unbound denial of service vulnerabilities from nonstandard
>> redirection and denial of existence [ VU#209659 CVE-2011-4528 ]
>
>> These two problems were discovered within 24 hours, hence a combined
>> vulnerability disclosure.
>
> I believe that CVE-2011-4528 only applies to this issue:

I should have mentioned my opinion is based on CD:SF-LOC item 2:

<http://cve.mitre.org/cve/editorial_policies/cd_overview.html>

>> == Description 1: crash on signed duplicate Resource Records
>
> For the other issue, no CVE identifier has been assigned yet, it
> appears.

I've noticed that CVE-2011-4869 has been assigned to the second issue:

| validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly
| perform proof processing for NSEC3-signed zones, which allows remote
| DNS servers to cause a denial of service (daemon crash) via a
| malformed response that lacks expected NSEC3 records, a different
| vulnerability than CVE-2011-4528.

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4869>

Thanks for providing minimal patches, this helps a lot!

_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
