Lucene search
K

EulerOS Virtualization 2.12.1 : unbound (EulerOS-SA-2025-1559)

🗓️ 17 May 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 11 Views

EulerOS Virtualization affected by vulnerabilities in unbound leading to potential denial of service.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(236914);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/05/17");

  script_cve_id("CVE-2024-8508", "CVE-2024-33655", "CVE-2024-43167");
  script_xref(name:"IAVA", value:"2024-A-0682");

  script_name(english:"EulerOS Virtualization 2.12.1 : unbound (EulerOS-SA-2025-1559)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host
is affected by the following vulnerabilities :

    NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with
    very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very
    large RRsets can cause Unbound to spend a considerable time applying name compression to downstream
    replies. This can lead to degraded performance and eventually denial of service in well orchestrated
    attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially
    crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will
    try to apply name compression which was an unbounded operation that could lock the CPU until the whole
    packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression
    calculations it is willing to do per packet. Packets that need more compression will result in semi-
    compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long.
    This change should not affect normal DNS traffic.(CVE-2024-8508)

    A DNSBomb flaw was found in the unbound package. The DNSBomb attack works by sending low-rate spoofed
    queries for a malicious zone to Unbound. By controlling the delay of the malicious authoritative answers,
    Unbound slowly accumulates pending answers for the spoofed addresses. When the authoritative answers
    become available to Unbound at the same time, Unbound starts serving all the accumulated queries. This
    results in large-sized, concentrated response bursts to the spoofed addresses.(CVE-2024-33655)

    A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could
    allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When
    certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the
    program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of
    service by causing the application to terminate unexpectedly.(CVE-2024-43167)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization unbound security
advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2025-1559
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e8a88664");
  script_set_attribute(attribute:"solution", value:
"Update the affected unbound packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-8508");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/05/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/05/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/05/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-unbound");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:unbound");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:unbound-libs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.12.1");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.12.1") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.12.1");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "python3-unbound-1.13.2-7.h6.eulerosv2r12",
  "unbound-1.13.2-7.h6.eulerosv2r12",
  "unbound-libs-1.13.2-7.h6.eulerosv2r12"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unbound");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 May 2025 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS 3.15.3 - 7.5
EPSS0.01729
SSVC
11