8

CVE-2024-1488

Unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FedoraprojectUnbound Version < 1.19.1-2.fc40
RedhatCodeready Linux Builder For Arm64 Version9.0_aarch64
RedhatCodeready Linux Builder For Arm64 Version9.2_aarch64
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Eus Version8.6
RedhatEnterprise Linux Eus Version8.8
RedhatEnterprise Linux Eus Version9.2
RedhatEnterprise Linux Eus Version9.4
RedhatEnterprise Linux For Arm 64 Version8.0_aarch64
RedhatEnterprise Linux For Arm 64 Version9.0_aarch64
RedhatEnterprise Linux For Arm 64 Version9.2_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version8.6_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version8.8_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version9.4_aarch64
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.32% 0.233
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.3 1.8 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
secalert@redhat.com 8 2.5 5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://access.redhat.com/errata/RHSA-2024:1750
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1751
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1780
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1801
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1802
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1804
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2587
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2696
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0837
https://access.redhat.com/security/cve/CVE-2024-1488
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2264183
Patch
Issue Tracking