Date: Thu, 23 Oct 2025 17:02:39 GMT From: "R. Christian McDonald" <rcm@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: f4ead079c709 - main - security/vuxml: document unbound non-DNSSEC cache poisoning vulns Message-ID: <202510231702.59NH2dkW089715@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by rcm: URL: https://cgit.FreeBSD.org/ports/commit/?id=f4ead079c7092b07e051a32b9a830919dc52f07d commit f4ead079c7092b07e051a32b9a830919dc52f07d Author: Jaap Akkerhuis <jaap@NLnetLabs.nl> AuthorDate: 2025-10-23 16:50:47 +0000 Commit: R. Christian McDonald <rcm@FreeBSD.org> CommitDate: 2025-10-23 17:01:07 +0000 security/vuxml: document unbound non-DNSSEC cache poisoning vulns * CVE-2025-11411 PR: 290429 Reviewed by: brd Sponsored by: Rubicon Communications, LLC ("Netgate") --- security/vuxml/vuln/2025.xml | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index bc28d678e584..a4a5c8a8df0c 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,42 @@ + <vuln vid="ea1c485f-b025-11f0-bce7-bc2411002f50"> + <topic>unbound -- Possible domain hijacking via promiscuous records in the authority section</topic> + <affects> + <package> + <name>unbound</name> + <range><lt>1.24.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>sep@nlnetlabs.nl reports:</p> + <blockquote cite="https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt">; + <p>NLnet Labs Unbound up to and including version 1.24.0 is vulnerable + to possible domain hijack attacks. Promiscuous NS RRSets that + complement positive DNS replies in the authority section can be + used to trick resolvers to update their delegation information for + the zone. Usually these RRSets are used to update the resolver's + knowledge of the zone's name servers. A malicious actor can + exploit the possible poisonous effect by injecting NS RRSets (and + possibly their respective address records) in a reply. This could + be done for example by trying to spoof a packet or fragmentation + attacks. Unbound would then proceed to update the NS RRSet data + it already has since the new data has enough trust for it, i.e., + in-zone data for the delegation point. Unbound 1.24.1 includes a + fix that scrubs unsolicited NS RRSets (and their respective address + records) from replies mitigating the possible poison effect.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-11411</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-11411</url>; + </references> + <dates> + <discovery>2025-10-22</discovery> + <entry>2025-10-23</entry> + </dates> + </vuln> + <vuln vid="269c2de7-afaa-11f0-b4c8-792b26d8a051"> <topic>RT -- XSS via calendar invitations</topic> <affects>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202510231702.59NH2dkW089715>