openvas · Copyright (C) 2024 Greenbone AG · OPENVAS:1361412562310124618
History: Mar 08, 2024 - 12:00 a.m.

Unbound DNS Resolver < 1.19.1-2.fc40 Access Control Vulnerability

2024-03-08 00:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
10
unbound dns resolver
access control
vulnerability
unauthorized configuration changes
version 1.19.1-2.fc40

CVSS3

8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0

Percentile

13.0%

Unbound is prone to an access control vulnerability.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

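# CPE identifying NLnet Labs Unbound; passed to get_app_port() and
# get_app_version_and_proto() in the detection logic further down.
CPE = "cpe:/a:nlnetlabs:unbound";

# Metadata registration. When the scanner loads the script with `description`
# set, only the calls in this block run and the script exits before the
# detection logic below.
if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.124618");
  script_version("2024-06-26T05:05:39+0000");
  script_tag(name:"last_modification", value:"2024-06-26 05:05:39 +0000 (Wed, 26 Jun 2024)");
  script_tag(name:"creation_date", value:"2024-03-08 07:07:53 +0000 (Fri, 08 Mar 2024)");
  # CVSS v2 base score and vector ("Au:" is v2 notation).
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:C/A:C");

  script_cve_id("CVE-2024-1488");

  # Quality of detection: the finding rests on a remotely obtained version
  # banner that this QoD type itself labels unreliable.
  # NOTE(review): the fixed version below is a Fedora package release
  # ("-2.fc40"); a remote banner presumably does not carry that suffix, so a
  # hit should be confirmed on the host (installed package release and the
  # remote-control settings of the resolver) before it is treated as real.
  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Unbound DNS Resolver < 1.19.1-2.fc40 Access Control Vulnerability");

  # Information gathering only; the detection logic below compares a version
  # string and sends nothing configuration-changing to the target.
  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("General");
  # Requires the "unbound/installed" key, presumably set by the
  # unbound_version.nasl detection script listed as a dependency.
  script_dependencies("unbound_version.nasl");
  script_mandatory_keys("unbound/installed");

  script_tag(name:"summary", value:"Unbound is prone to an access control vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Unbound allows by default not only members of unbound group to
  change any unbound runtime configuration, but any process able to connect over localhost to port
  8953, can change configuration of unbound.service.");

  # Product name corrected from "Ubound" so the tag matches the other tags.
  script_tag(name:"affected", value:"Unbound version prior to 1.19.1-2.fc40.");

  script_tag(name:"solution", value:"Update to version 1.19.1-2.fc40 or later.");

  script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2264183");
  script_xref(name:"URL", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2024-f858b5bb4e");

  exit(0);
}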

include("host_details.inc");
include("version_func.inc");

# Look up the port of the detected Unbound service; without one there is
# nothing to evaluate.
port = get_app_port(cpe: CPE);
if (!port)
  exit(0);

# Fetch the detected version and transport protocol for that port.
app_info = get_app_version_and_proto(cpe: CPE, port: port, exit_no_version: TRUE);
if (!app_info)
  exit(0);

fixed_ver = "1.19.1-2.fc40";
version = app_info["version"];
proto = app_info["proto"];

# NOTE(review): fixed_ver is a Fedora package release string. How
# version_is_less() orders a plain upstream version against it is not visible
# here, and patched and unpatched builds may report the same upstream version
# remotely. Treat a hit as a prompt to verify the installed package release on
# the host.
# exit(99): by OpenVAS convention, the host was checked and is not reported
# as affected.
if (!version_is_less(version: version, test_version: fixed_ver))
  exit(99);

report_text = report_fixed_ver(installed_version: version, fixed_version: fixed_ver);
security_message(port: port, data: report_text, proto: proto);
exit(0);
