CVE-2024-1488: Unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation
First published: Wed Feb 14 2024(Updated: )
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/unbound 1.19.1 | <2. | 2. |
| libunbound | <1.19.1-2.fc40 | |
| Red Hat CodeReady Linux Builder | =9.0 | |
| Red Hat CodeReady Linux Builder | =9.2 | |
| Red Hat CodeReady Linux Builder | =9.4 | |
| Red Hat CodeReady Linux Builder for Power, little endian | =9.0_ppc64le | |
| Red Hat CodeReady Linux Builder for Power, little endian | =9.2_ppc64le | |
| Red Hat CodeReady Linux Builder for ARM 64 | =9.0_aarch64 | |
| Red Hat CodeReady Linux Builder for ARM 64 | =9.2_aarch64 | |
| Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support | =9.4_aarch64 | |
| Red Hat CodeReady Linux Builder for IBM z Systems | =9.0_s390x | |
| Red Hat CodeReady Linux Builder for IBM z Systems | =9.2_s390x | |
| Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support | =9.4_s390x | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux | =9.0 | |
| Red Hat Enterprise Linux Server EUS | =8.6 | |
| Red Hat Enterprise Linux Server EUS | =8.8 | |
| Red Hat Enterprise Linux Server EUS | =9.2 | |
| Red Hat Enterprise Linux Server EUS | =9.4 | |
| Red Hat Enterprise Linux | =8.0_aarch64 | |
| Red Hat Enterprise Linux | =9.0_aarch64 | |
| Red Hat Enterprise Linux | =9.2_aarch64 | |
| Red Hat Enterprise Linux for ARM64 EUS | =8.6_aarch64 | |
| Red Hat Enterprise Linux for ARM64 EUS | =8.8_aarch64 | |
| Red Hat Enterprise Linux for ARM64 EUS | =9.4_aarch64 | |
| Red Hat Enterprise Linux for IBM Z Systems | =8.0_s390x | |
| Red Hat Enterprise Linux for IBM Z Systems | =9.0_s390x | |
| Red Hat Enterprise Linux for IBM Z Systems | =9.2_s390x | |
| Red Hat Enterprise Linux for IBM Z Systems (s390x) | =8.6_s390x | |
| Red Hat Enterprise Linux for IBM Z Systems (s390x) | =8.8_s390x | |
| Red Hat Enterprise Linux for IBM Z Systems (s390x) | =9.4_s390x | |
| Red Hat Enterprise Linux for Power, little endian | =8.0_ppc64le | |
| Red Hat Enterprise Linux for Power, little endian | =9.0_ppc64le | |
| Red Hat Enterprise Linux for Power, little endian | =9.2_ppc64le | |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =8.6_ppc64le | |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =8.8_ppc64le | |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =9.4_ppc64le | |
| Red Hat Enterprise Linux Server | =8.2 | |
| Red Hat Enterprise Linux Server | =8.4 | |
| Red Hat Enterprise Linux Server | =8.6 | |
| Red Hat Enterprise Linux Server | =9.2 | |
| Red Hat Enterprise Linux Server | =9.4 | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.2_ppc64le | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.4_ppc64le | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.6_ppc64le | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.8_ppc64le | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =9.2_ppc64le | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =9.4_ppc64le | |
| Red Hat Enterprise Linux Server | =8.2 | |
| Red Hat Enterprise Linux Server | =8.4 | |
| Red Hat Enterprise Linux Server | =8.6 | |
| Red Hat Enterprise Linux Server | =8.8 | |
| IBM Security QRadar | <=7.5 - 7.5.0 UP8 IF01 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://exchange.xforce.ibmcloud.com/vulnerabilities/283575
- https://www.ibm.com/support/pages/node/7150684 (Advisory)
- https://access.redhat.com/errata/RHSA-2024:1750
- https://access.redhat.com/errata/RHSA-2024:1751
- https://access.redhat.com/errata/RHSA-2024:1780
- https://access.redhat.com/errata/RHSA-2024:1801
- https://access.redhat.com/errata/RHSA-2024:1802
- https://access.redhat.com/errata/RHSA-2024:1804
- https://access.redhat.com/errata/RHSA-2024:2587
- https://access.redhat.com/errata/RHSA-2024:2696
- https://access.redhat.com/errata/RHSA-2025:0837
- https://access.redhat.com/security/cve/CVE-2024-1488
- https://bugzilla.redhat.com/show_bug.cgi?id=2264183
- https://src.fedoraproject.org/rpms/unbound/c/39b47dbaf1ebe59e71a0e4269a6bb62d3126ba7d
- https://src.fedoraproject.org/rpms/unbound/c/2cd0b94125f7cd88cdb777a8f546f3480bbd750a
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2264184
Frequently Asked Questions
What is the severity of CVE-2024-1488?
CVE-2024-1488 has a medium severity due to its potential impact on system configuration.
How do I fix CVE-2024-1488?
To fix CVE-2024-1488, ensure the correct permissions are set for the unbound runtime configuration and update to the latest version of unbound.
What systems are impacted by CVE-2024-1488?
CVE-2024-1488 affects several versions of IBM QRadar SIEM and specific versions of Red Hat Enterprise Linux.
Can CVE-2024-1488 be exploited remotely?
CVE-2024-1488 can be exploited if an attacker has local access and can connect to unbound's service on localhost.
What is the nature of the vulnerability in CVE-2024-1488?
The vulnerability in CVE-2024-1488 arises from incorrect default permissions that allow unauthorized modifications to the unbound runtime configuration.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/description
- agent/trending
- agent/source
- agent/severity
- agent/remedy
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-1488
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/ibm-support
- source/IBM
- package-manager/redhat
- vendor/fedoraproject
- canonical/libunbound
- vendor/redhat
- canonical/red hat codeready linux builder
- version/red hat codeready linux builder/9.0
- version/red hat codeready linux builder/9.2
- version/red hat codeready linux builder/9.4
- canonical/red hat codeready linux builder for power, little endian
- version/red hat codeready linux builder for power, little endian/9.0_ppc64le
- version/red hat codeready linux builder for power, little endian/9.2_ppc64le
- canonical/red hat codeready linux builder for arm 64
- version/red hat codeready linux builder for arm 64/9.0_aarch64
- version/red hat codeready linux builder for arm 64/9.2_aarch64
- canonical/red hat codeready linux builder for arm 64 - extended update support
- version/red hat codeready linux builder for arm 64 - extended update support/9.4_aarch64
- canonical/red hat codeready linux builder for ibm z systems
- version/red hat codeready linux builder for ibm z systems/9.0_s390x
- version/red hat codeready linux builder for ibm z systems/9.2_s390x
- canonical/red hat codeready linux builder for ibm z systems - extended update support
- version/red hat codeready linux builder for ibm z systems - extended update support/9.4_s390x
- canonical/red hat enterprise linux
- version/red hat enterprise linux/8.0
- version/red hat enterprise linux/9.0
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/8.6
- version/red hat enterprise linux server eus/8.8
- version/red hat enterprise linux server eus/9.2
- version/red hat enterprise linux server eus/9.4
- version/red hat enterprise linux/8.0_aarch64
- version/red hat enterprise linux/9.0_aarch64
- version/red hat enterprise linux/9.2_aarch64
- canonical/red hat enterprise linux for arm64 eus
- version/red hat enterprise linux for arm64 eus/8.6_aarch64
- version/red hat enterprise linux for arm64 eus/8.8_aarch64
- version/red hat enterprise linux for arm64 eus/9.4_aarch64
- canonical/red hat enterprise linux for ibm z systems
- version/red hat enterprise linux for ibm z systems/8.0_s390x
- version/red hat enterprise linux for ibm z systems/9.0_s390x
- version/red hat enterprise linux for ibm z systems/9.2_s390x
- canonical/red hat enterprise linux for ibm z systems (s390x)
- version/red hat enterprise linux for ibm z systems (s390x)/8.6_s390x
- version/red hat enterprise linux for ibm z systems (s390x)/8.8_s390x
- version/red hat enterprise linux for ibm z systems (s390x)/9.4_s390x
- canonical/red hat enterprise linux for power, little endian
- version/red hat enterprise linux for power, little endian/8.0_ppc64le
- version/red hat enterprise linux for power, little endian/9.0_ppc64le
- version/red hat enterprise linux for power, little endian/9.2_ppc64le
- canonical/red hat enterprise linux for power, little endian - extended update support
- version/red hat enterprise linux for power, little endian - extended update support/8.6_ppc64le
- version/red hat enterprise linux for power, little endian - extended update support/8.8_ppc64le
- version/red hat enterprise linux for power, little endian - extended update support/9.4_ppc64le
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/8.2
- version/red hat enterprise linux server/8.4
- version/red hat enterprise linux server/8.6
- version/red hat enterprise linux server/9.2
- version/red hat enterprise linux server/9.4
- canonical/red hat enterprise linux for sap applications for power, little endian - extended update support
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/8.2_ppc64le
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/8.4_ppc64le
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/8.6_ppc64le
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/8.8_ppc64le
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/9.2_ppc64le
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/9.4_ppc64le
- version/red hat enterprise linux server/8.8
- vendor/ibm
- canonical/ibm security qradar
- version/ibm security qradar/7.5 - 7.5.0 up8 if01