645702 – (CVE-2017-15105) <net-dns/unbound-1.6.8: Improper validation of wildcard synthesized NSEC records (CVE-2017-15105)

Bug 645702 (CVE-2017-15105) - <net-dns/unbound-1.6.8: Improper validation of wildcard synthesized NSEC records (CVE-2017-15105)

Summary: <net-dns/unbound-1.6.8: Improper validation of wildcard synthesized NSEC reco...

Status:	RESOLVED FIXED

Alias:	CVE-2017-15105

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B4 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2018-01-25 15:44 UTC by GLSAMaker/CVETool Bot
Modified:	2018-12-02 23:23 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2018-01-25 15:44:09 UTC

CVE-2017-15105 (https://nvd.nist.gov/vuln/detail/CVE-2017-15105):
  A flaw was found in the way unbound before 1.6.8 validated
  wildcard-synthesized NSEC records. An improperly validated wildcard NSEC
  record could be used to prove the non-existence (NXDOMAIN answer) of an
  existing wildcard record, or trick unbound into accepting a NODATA proof.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2018-02-25 19:41:33 UTC

Fixed via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=29d405ed2e3d4e1f5d9add5a0f1702f1ac85cd57

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2018-12-02 23:23:14 UTC

tree is clean