Unbound DNS <= 1.20.0 Multiple Vulnerabilities

2024-08-1300:00:00

plugins.openvas.org

unbound dns

vulnerabilities

null pointer

heap buffer overflow

solution not available

CVSS3

4.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

AI Score

7.3

Confidence

Low

JSON

Unbound DNS is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:nlnetlabs:unbound";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.152852");
  script_version("2024-08-13T09:47:32+0000");
  script_tag(name:"last_modification", value:"2024-08-13 09:47:32 +0000 (Tue, 13 Aug 2024)");
  script_tag(name:"creation_date", value:"2024-08-13 02:36:43 +0000 (Tue, 13 Aug 2024)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:S/C:P/I:P/A:P");

  script_cve_id("CVE-2024-43167", "CVE-2024-43168");

  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  script_tag(name:"solution_type", value:"NoneAvailable");

  script_name("Unbound DNS <= 1.20.0 Multiple Vulnerabilities");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("General");
  script_dependencies("unbound_version.nasl");
  script_mandatory_keys("unbound/installed");

  script_tag(name:"summary", value:"Unbound DNS is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The following vulnerabilities exist:

  - CVE-2024-43167: NULL pointer dereference in the ub_ctx_set_fwd function

  - CVE-2024-43168: Heap buffer overflow in the cfg_mark_ports function within Unbound's
  config_file.c");

  script_tag(name:"affected", value:"Ubound DNS Resolver version 1.20.0 and prior.");

  script_tag(name:"solution", value:"No known solution is available as of 13th August, 2024.
  Information regarding this issue will be updated once solution details are available.");

  script_xref(name:"URL", value:"https://github.com/NLnetLabs/unbound/issues/1072");
  script_xref(name:"URL", value:"https://github.com/NLnetLabs/unbound/issues/1039");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (!port = get_app_port(cpe: CPE))
  exit(0);

if (!infos = get_app_version_and_proto(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
proto = infos["proto"];

if (version_is_less_equal(version: version, test_version: "1.20.0")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "None");
  security_message(port: port, data: report, proto: proto);
  exit(0);
}

exit(0);