Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cache poisoning via the ECS-enabled Rebirthday Attack
Vulnerability Description
A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to upstream name servers, i.e., at least one of the 'send-client-subnet', 'client-subnet-zone' or 'client-subnet-always-forward' options is used. Resolvers supporting ECS need to segregate outgoing queries to accommodate for different outgoing ECS information. This re-opens up resolvers to a birthday paradox attack (Rebirthday Attack) that tries to match the DNS transaction ID in order to cache non-ECS poisonous replies.
CVSS Information
N/A
Vulnerability Type
在可信数据中接受外来的不可信数据
Vulnerability Title
NLnet Unbound 安全漏洞
Vulnerability Description
NLnet Unbound是荷兰NLnet团队的一款开源DNS服务器。 NLnet Unbound存在安全漏洞,该漏洞源于支持EDNS Client Subnet时存在缓存投毒风险,可能导致Rebirthday攻击。
CVSS Information
N/A
Vulnerability Type
N/A