US-CERT Vulnerability Notes Database

NLnet Labs Information for VU#800113

Date Notified: 2008-05-14
Date Updated: 2008-07-10
Statement Date: 2008-05-16
Status Summary: Not Vulnerable

Vendor Statement

Unbound implements numerous strategies to prevent spoof protection;
those include UDP port randomization, RTT banding, source IP
randomization, and, optionally, so-called 0x20 query name randomization.
Besides, Unbound features an architectural element that performs sanity
checks on incoming data to prevent certain types of poisoning attempts.

Although Unbound has been built using all known protections against DNS
spoofs, the DNS protocol is inherently vulnerable to these sorts of
attacks. NLnet Labs believes that the only real solution to this problem
is the use of DNSSEC.
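
The following is an added example, not part of the NLnet Labs statement and not Unbound's code. It sketches how a resolver can combine a random transaction ID, a random UDP source port and 0x20 query name randomization, and how much an off-path spoofer then has to guess. The port range and all function names are assumptions made for illustration.

```python
import math
import secrets
from dataclasses import dataclass

# Assumed ephemeral port range for this sketch; not Unbound's actual setting.
PORT_BASE, PORT_POOL = 1024, 64512


def encode_0x20(qname: str) -> str:
    """Randomly set or clear ASCII bit 0x20 (the case bit) of every letter."""
    return "".join(
        (c.upper() if secrets.randbits(1) else c.lower())
        if c.isascii() and c.isalpha() else c  # digits, '-' and '.' carry no case bit
        for c in qname
    )


@dataclass(frozen=True)
class Query:
    txid: int      # 16-bit DNS transaction ID
    src_port: int  # randomized UDP source port
    qname: str     # exact mixed-case spelling sent on the wire


def new_query(qname: str) -> Query:
    """Build the per-query secrets a reply must echo back."""
    return Query(
        txid=secrets.randbits(16),
        src_port=PORT_BASE + secrets.randbelow(PORT_POOL),
        qname=encode_0x20(qname),
    )


def accept_response(q: Query, txid: int, dst_port: int, qname: str) -> bool:
    """Accept only if ID, port and the byte-exact question name all match.

    DNS names compare case-insensitively, so a genuine server copies the
    question unchanged; a blind spoofer has to guess the case pattern.
    """
    return txid == q.txid and dst_port == q.src_port and qname == q.qname


def spoof_entropy_bits(qname: str, port_pool: int = PORT_POOL) -> float:
    """Bits to guess per forged reply: 16 (ID) + log2(ports) + one per letter."""
    letters = sum(c.isascii() and c.isalpha() for c in qname)
    return 16 + math.log2(port_pool) + letters
```

In Unbound itself, 0x20 randomization is switched on with the `use-caps-for-id` option in `unbound.conf`.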

Vendor Information

Addendum

The vendor has also posted an additional statement about this issue at the following location:


<http://nlnetlabs.nl/publications/DNS_cache_poisoning_vulnerability.html>


Produced 2009 by US-CERT, a government organization