| Title | Unbound DNS リゾルバにサービス運用妨害 (DoS) の脆弱性 |
|---|---|
| Summary | Unbound DNS リゾルバには、サービス運用妨害 (DoS) の脆弱性が存在します。 Unbound DNS リゾルバには、細工された DNS クエリを受信した際に空の UDP パケットで応答することに起因する、サービス運用妨害 (DoS) の脆弱性が存在します。 なお、開発者から以下の脆弱性情報が公開されています。 "Certain types of DNS queries may cause Unbound to respond with a DNS error message. The code generating this error message contains an error whereby Unbound constructs an empty UDP message. That empty UDP message triggers an assertion failsafe in the part of Unbound that is invoked when the interface-automatic option is set. In the case that the interface-automatic option was not set or assertion failsafe is not configured the empty packets would be sent, which is not harmful. The error can only be triggered when Unbound is configured with assertions (--enable-checking or --enable-debug) and has the option interface-automatic turned on. Versions in which this error occurs: Unbound 1.0 up to and including Unbound 1.4.9 * FreeBSD ports for Unbound are not susceptible by default, as it does not enable assertions. * RHEL/Fedora systems do compile Unbound with --enable-checking but do not set automatic-interface:yes per default. * Debian/Ubuntu Unbound packages do not compile with assertions by default." |
| Possible impacts | 遠隔の第三者によって、サービス運用妨害 (DoS) 攻撃を受ける可能性があります。 |
| Solution | [アップデートする] NLnet Labs が提供する情報をもとにアップデートを適用してください。 |
| Publication Date | May 26, 2011, midnight |
| Registration Date | June 8, 2011, 11:55 a.m. |
| Last Update | June 8, 2011, 11:55 a.m. |
| CVSS2.0 : 警告 | |
| Score | 4.3 |
|---|---|
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| Stichting NLnet Labs |
| Unbound 1.4.9 およびそれ以前のバージョン |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2011年06月08日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling. |
|---|---|
| Publication Date | June 1, 2011, 5:55 a.m. |
| Registration Date | Jan. 28, 2021, 4:38 p.m. |
| Last Update | Nov. 21, 2024, 10:27 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:nlnetlabs:unbound:1.3.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nlnetlabs:unbound:1.4.9:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nlnetlabs:unbound:1.2.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nlnetlabs:unbound:1.3.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nlnetlabs:unbound:1.4.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nlnetlabs:unbound:1.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nlnetlabs:unbound:1.4.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nlnetlabs:unbound:1.4.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nlnetlabs:unbound:1.1.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nlnetlabs:unbound:1.3.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nlnetlabs:unbound:1.4.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nlnetlabs:unbound:1.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nlnetlabs:unbound:1.4.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nlnetlabs:unbound:1.1.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nlnetlabs:unbound:1.4.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nlnetlabs:unbound:1.3.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nlnetlabs:unbound:1.4.8:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nlnetlabs:unbound:1.3.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nlnetlabs:unbound:1.4.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nlnetlabs:unbound:1.2.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nlnetlabs:unbound:1.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nlnetlabs:unbound:1.4.4:*:*:*:*:*:*:* | |||||