1
PublicDateAtUSN: 2018-01-23
2
Candidate: CVE-2017-15105
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15105
6
https://unbound.net/downloads/CVE-2017-15105.txt
7
https://usn.ubuntu.com/usn/usn-3673-1
9
A flaw was found in the way unbound before 1.6.8 validated
10
wildcard-synthesized NSEC records. An improperly validated wildcard NSEC
11
record could be used to prove the non-existence (NXDOMAIN answer) of an
12
existing wildcard record, or trick unbound into accepting a NODATA proof.
14
Ralph Dolmans and Karst Koymans discovered that Unbound did not
15
properly handle certain NSEC records. An attacker could use this to
16
to prove the non-existence (NXDOMAIN answer) of an existing wildcard
17
record, or trick Unbound into accepting a NODATA proof.
20
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887733
21
https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1773720
23
Discovered-by: Ralph Dolmans and Karst Koymans
28
upstream: https://unbound.net/downloads/patch_cve_2017_15105.diff
29
upstream_unbound: released (1.6.8)
30
precise/esm_unbound: DNE
31
trusty_unbound: released (1.4.22-1ubuntu4.14.04.3)
32
xenial_unbound: released (1.5.8-1ubuntu1.1)
33
artful_unbound: released (1.6.5-1ubuntu0.2)
34
bionic_unbound: released (1.6.7-1ubuntu2.1)
35
devel_unbound: not-affected (1.7.1-1)