Re: CVE request: Unbound

[Josh Bressers <bressers () redhat com>]

----- "Florian Weimer" <fw () deneb enyo de> wrote:

> Unbound before 1.3.4 does not check the signatures on NSEC3 records
> under unspecified conditions, enabling attackers who can perform DNS
> spoofing to downgrade existing secure delegations to insecure status,
> which then can be targeted in further spoofing attacks.
>
> <http://unbound.net/pipermail/unbound-users/2009-October/000852.html>
>
> (Older versions, back to 1.0.x, are also affected.)

Steve Christey asked me to assign CVE ids for oss-security requests for a bit,
so don't think it odd when I keep replying to these.

Please use CVE-2009-3602 for this.

Thanks

-- 
    JB