CVE-2024-1488

Published Feb 15, 2024

Last updated 7 months ago

CVSS high 8.0

Overview

Description: A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
Source: secalert@redhat.com
NVD status: Modified
Products: unbound, codeready_linux_builder, codeready_linux_builder_eus, codeready_linux_builder_eus_for_power_little_endian, codeready_linux_builder_for_arm64, codeready_linux_builder_for_arm64_eus, codeready_linux_builder_for_ibm_z_systems, codeready_linux_builder_for_ibm_z_systems_eus, enterprise_linux, enterprise_linux_eus, enterprise_linux_for_arm_64, enterprise_linux_for_arm_64_eus, enterprise_linux_for_ibm_z_systems, enterprise_linux_for_ibm_z_systems_eus, enterprise_linux_for_power_little_endian, enterprise_linux_for_power_little_endian_eus, enterprise_linux_server_aus, enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, enterprise_linux_server_tus

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.3
Impact score: 5.5
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Severity: HIGH

Weaknesses

secalert@redhat.com: CWE-276
nvd@nist.gov: CWE-276

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fedoraproject:unbound:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42DC89D4-6DF0-4212-B5BA-56583F095047",
            "versionEndExcluding": "1.19.1-2.fc40"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2ABBAA9E-CCBA-480B-ABB5-454448D91262"
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "936B046D-ADEB-4701-8957-AC28CFA9C5C9"
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C4B0BD8-527F-4728-A64B-F8F06D5EDEC5"
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98638583-9933-42F2-964E-7F8E7CF36918"
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0DE225E-E1B5-411E-B2E7-6201E09B9571"
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "910C9542-26FC-4635-9351-128727971830"
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.2_aarch64:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE497FA8-F9F2-4C45-8CA5-919B205303CA"
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88F9EB73-1F19-4BD9-AB19-36F9F1A5156E"
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA3C5EAE-267F-410F-8AFA-8F5B68A9E617"
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50321FD4-AD8E-4460-8820-25F7C4ECAC5D"
          },
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35232613-B8B5-4F4D-A6CD-3823C6666534"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A47EF78-A5B6-4B89-8B74-EEB0647C549F"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D85E0DBA-A856-472A-8271-A4F37C35F952"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37B7CE5C-BFEA-4F96-9759-D511EF189059"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "213593D4-EB5A-4A1B-BDF3-3F043C5F6A6C"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01363FFA-F7A6-43FC-8D47-E67F95410095"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB056B47-1F45-4CE4-81F6-872F66C24C29"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E068ABB-31C2-416E-974A-95E07A2BAB0A"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B758EDC9-6421-422C-899E-A273D2936D8E"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22C65F53-D624-48A9-A9B7-4C78A31E19F9"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F843B777-5C64-4CAE-80D6-89DC2C9515B1"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED521457-498F-4E43-B714-9A3F2C3CD09A"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9C30C59-07F7-4CCE-B057-052ECCD36DB8"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F91F9255-4EE1-43C7-8831-D2B6C228BFD9"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39D345D3-108A-4551-A112-5EE51991411A"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2_ppc64le:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC54523F-1F6A-4F55-9B33-6C5A493B0541"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4_ppc64le:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E645F29-0FE0-477F-969A-55F009AB018C"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C138DAF-9769-43B0-A9E6-320738EB3415"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8_ppc64le:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18037675-B4D3-401E-96D3-9EA3C1993920"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC6A25CB-907A-4D05-8460-A2488938A8BE"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C30F155-DF7D-4195-92D9-A5B80407228D"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1CA946D-1665-4874-9D41-C7D963DD1F56"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References