FreeBSD : unbound -- denial of service vulnerabilities from nonstandard redirection and denial of existence (7ba65bfd-2a40-11e1-b96e-00215af774f0)

medium Nessus Plugin ID 57338

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Unbound developer reports :

Unbound crashes when confronted with a non-standard response from a server for a domain. This domain produces duplicate RRs from a certain type and is DNSSEC signed. Unbound also crashes when confronted with a query that eventually, and under specific circumstances, resolves to a domain that misses expected NSEC3 records.

Solution

Update the affected package.

See Also

https://nlnetlabs.nl/downloads/unbound/CVE-2011-4528.txt

http://www.nessus.org/u?34cc7486

Plugin Details

Severity: Medium

ID: 57338

File Name: freebsd_pkg_7ba65bfd2a4011e1b96e00215af774f0.nasl

Version: 1.10

Type: local

Published: 12/20/2011

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:unbound, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/19/2011

Vulnerability Publication Date: 12/19/2011

Reference Information

CVE: CVE-2011-4528