1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1109427: unbound: CVE-2025-5994

    From Salvatore Bonaccorso@21:1/5 to All on Thu Jul 17 16:00:01 2025
    Source: unbound
    Version: 1.22.0-1
    Severity: important
    Tags: security upstream
    X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
    Control: found -1 1.13.1-1+deb11u4
    Control: found -1 1.13.1-1+deb11u2
    Control: found -1 1.13.1-1

    Hi,

    The following vulnerability was published for unbound.

    CVE-2025-5994[0]:
    | A multi-vendor cache poisoning vulnerability named 'Rebirthday
    | Attack' has been discovered in caching resolvers that support EDNS
    | Client Subnet (ECS). Unbound is also vulnerable when compiled with
    | ECS support, i.e., '--enable-subnet', AND configured to send ECS
    | information along with queries to upstream name servers, i.e., at
    | least one of the 'send-client-subnet', 'client-subnet-zone' or
    | 'client-subnet-always-forward' options is used. Resolvers supporting
    | ECS need to segregate outgoing queries to accommodate for different
    | outgoing ECS information. This re-opens up resolvers to a birthday
    | paradox attack (Rebirthday Attack) that tries to match the DNS
    | transaction ID in order to cache non-ECS poisonous replies.


    If you fix the vulnerability please also make sure to include the
    CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

    For further information see:

    [0] https://security-tracker.debian.org/tracker/CVE-2025-5994
    https://www.cve.org/CVERecord?id=CVE-2025-5994
    [1] https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt

    Please adjust the affected versions in the BTS as needed.

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)