CVE-2012-1192

medium

Description

The resolver in Unbound before 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.

References

https://www.isc.org/files/imce/ghostdomain_camera.pdf

Details

Source: MITRE

Published: 2012-02-17

Updated: 2012-02-20

Type: NVD-CWE-Other

Risk Information

CVSS v2

Base Score: 6.4

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 10

Severity: MEDIUM