Download
| Alert*
oval:org.secpod.oval:def:63416
The host is installed with Unbound before 1.9.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the crafted NOTIFY query. Successful exploitation allow remote attackers to trigger a crash. oval:org.secpod.oval:def:117270 Unbound is a validating, recursive, and caching DNS resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modular comp ... oval:org.secpod.oval:def:117308 Unbound is a validating, recursive, and caching DNS resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modular comp ... oval:org.secpod.oval:def:69767 X41 D-Sec discovered that unbound, a validating, recursive, and caching DNS resolver, did not correctly process some NOTIFY queries. This could lead to remote denial-of-service by application crash. oval:org.secpod.oval:def:705231 unbound: validating, recursive, caching DNS resolver Unbound could be made to crash if it received a specially crafted NOTIFY query. oval:org.secpod.oval:def:59767 Due to an error in parsing NOTIFY queries, it is possible for Unbound to continue processing malformed queries and may ultimately result in a pointer dereference in uninitialized memory. This results in a crash of the Unbound daemon. oval:org.secpod.oval:def:59278 X41 D-Sec discovered that unbound, a validating, recursive, and caching DNS resolver, did not correctly process some NOTIFY queries. This could lead to remote denial-of-service by application crash. |