CVE-2022-30699: Novel "ghost domain names" attack by updating almost expired delegation information
First published: Mon Aug 01 2022(Updated: )
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.
Credit: sep@nlnetlabs.nl
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/unbound | <1.16.2 | 1.16.2 |
| libunbound | <1.16.2 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5L3ZFWZZFPBIL654BG75RWXUMPFQJ5EC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D35CX4SCZVNKZTWJXPDFTHWZHINMGEZD/
- https://security.gentoo.org/glsa/202212-02
- https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt
- https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2116735
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2116736
- https://access.redhat.com/errata/RHSA-2022:7622
- https://access.redhat.com/errata/RHSA-2022:8062
- https://access.redhat.com/security/cve/cve-2022-30699
- https://access.redhat.com/errata/RHSA-2024:2045
- https://bugzilla.redhat.com/show_bug.cgi?id=2116729
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5L3ZFWZZFPBIL654BG75RWXUMPFQJ5EC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D35CX4SCZVNKZTWJXPDFTHWZHINMGEZD/
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-30699.
What is the severity of CVE-2022-30699?
The severity of CVE-2022-30699 is medium (6.5).
What software is affected by CVE-2022-30699?
NLnet Labs Unbound up to and including version 1.16.1 is affected by CVE-2022-30699.
How does CVE-2022-30699 work?
CVE-2022-30699 works by targeting an Unbound instance and exploiting a vulnerability related to cached delegation information.
Are there any references for CVE-2022-30699?
Yes, you can find references for CVE-2022-30699 at the following links: [Reference 1](https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html), [Reference 2](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5L3ZFWZZFPBIL654BG75RWXUMPFQJ5EC/), [Reference 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D35CX4SCZVNKZTWJXPDFTHWZHINMGEZD/).
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-30699
- agent/software-canonical-lookup
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/references
- agent/title
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/nlnetlabs
- canonical/libunbound
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36