CVE-2022-30698: Novel "ghost domain names" attack by introducing subdomain delegations
First published: Mon Aug 01 2022(Updated: )
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information.
Credit: sep@nlnetlabs.nl
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/unbound | <1.16.2 | 1.16.2 |
| Unbound | <1.16.2 | |
| Fedora | =35 | |
| Fedora | =36 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5L3ZFWZZFPBIL654BG75RWXUMPFQJ5EC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D35CX4SCZVNKZTWJXPDFTHWZHINMGEZD/
- https://security.gentoo.org/glsa/202212-02
- https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt
- https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2116731
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2116732
- https://access.redhat.com/errata/RHSA-2022:7622
- https://access.redhat.com/errata/RHSA-2022:8062
- https://access.redhat.com/security/cve/cve-2022-30698
- https://access.redhat.com/errata/RHSA-2024:2045
- https://bugzilla.redhat.com/show_bug.cgi?id=2116725
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5L3ZFWZZFPBIL654BG75RWXUMPFQJ5EC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D35CX4SCZVNKZTWJXPDFTHWZHINMGEZD/
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2022-30698.
What is the severity of CVE-2022-30698?
The severity of CVE-2022-30698 is medium with a severity value of 6.5.
What software versions are affected by CVE-2022-30698?
NLnet Labs Unbound up to and including version 1.16.1 is affected by CVE-2022-30698.
How does CVE-2022-30698 work?
CVE-2022-30698 works by targeting an Unbound instance and using a novel type of the 'ghost domain names' attack.
How can CVE-2022-30698 be fixed?
To fix CVE-2022-30698, it is recommended to upgrade NLnet Labs Unbound to version 1.16.2 or later.
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-30698
- agent/software-canonical-lookup
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/references
- agent/title
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/nlnetlabs
- canonical/unbound
- vendor/fedoraproject
- canonical/fedora
- version/fedora/35
- version/fedora/36