CVE-2017-15105

Priority
Description
A flaw was found in the way unbound before 1.6.8 validated
wildcard-synthesized NSEC records. An improperly validated wildcard NSEC
record could be used to prove the non-existence (NXDOMAIN answer) of an
existing wildcard record, or trick unbound into accepting a NODATA proof.
Ubuntu-Description
Ralph Dolmans and Karst Koymans discovered that Unbound did not
properly handle certain NSEC records. An attacker could use this to
to prove the non-existence (NXDOMAIN answer) of an existing wildcard
record, or trick Unbound into accepting a NODATA proof.
Notes
Package
Upstream:released (1.6.8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (1.4.22-1ubuntu4.14.04.3)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.5.8-1ubuntu1.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.6.7-1ubuntu2.1)
Patches:
Upstream:https://unbound.net/downloads/patch_cve_2017_15105.diff
More Information

Updated: 2020-09-10 05:37:45 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)