8

CVE-2024-1488

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.

Data is provided by the National Vulnerability Database (NVD)
FedoraprojectUnbound Version < 1.19.1-2.fc40
RedhatCodeready Linux Builder For Arm64 Version9.0_aarch64
RedhatCodeready Linux Builder For Arm64 Version9.2_aarch64
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Eus Version8.6
RedhatEnterprise Linux Eus Version8.8
RedhatEnterprise Linux Eus Version9.2
RedhatEnterprise Linux Eus Version9.4
RedhatEnterprise Linux For Arm 64 Version8.0_aarch64
RedhatEnterprise Linux For Arm 64 Version9.0_aarch64
RedhatEnterprise Linux For Arm 64 Version9.2_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version8.6_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version8.8_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version9.4_aarch64
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.07% 0.222
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.3 1.8 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
secalert@redhat.com 8 2.5 5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.