First published: Wed Feb 14 2024
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/unbound 1.19.1 | <2. | 2. |
libunbound | <1.19.1-2.fc40 | |
Red Hat CodeReady Linux Builder | =9.0 | |
Red Hat CodeReady Linux Builder | =9.2 | |
Red Hat CodeReady Linux Builder | =9.4 | |
Red Hat CodeReady Linux Builder for Power, little endian | =9.0_ppc64le | |
Red Hat CodeReady Linux Builder for Power, little endian | =9.2_ppc64le | |
Red Hat CodeReady Linux Builder for ARM 64 | =9.0_aarch64 | |
Red Hat CodeReady Linux Builder for ARM 64 | =9.2_aarch64 | |
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support | =9.4_aarch64 | |
Red Hat CodeReady Linux Builder for IBM z Systems | =9.0_s390x | |
Red Hat CodeReady Linux Builder for IBM z Systems | =9.2_s390x | |
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support | =9.4_s390x | |
Red Hat Enterprise Linux | =8.0 | |
Red Hat Enterprise Linux | =9.0 | |
Red Hat Enterprise Linux Server EUS | =8.6 | |
Red Hat Enterprise Linux Server EUS | =8.8 | |
Red Hat Enterprise Linux Server EUS | =9.2 | |
Red Hat Enterprise Linux Server EUS | =9.4 | |
Red Hat Enterprise Linux | =8.0_aarch64 | |
Red Hat Enterprise Linux | =9.0_aarch64 | |
Red Hat Enterprise Linux | =9.2_aarch64 | |
Red Hat Enterprise Linux for ARM64 EUS | =8.6_aarch64 | |
Red Hat Enterprise Linux for ARM64 EUS | =8.8_aarch64 | |
Red Hat Enterprise Linux for ARM64 EUS | =9.4_aarch64 | |
Red Hat Enterprise Linux for IBM Z Systems | =8.0_s390x | |
Red Hat Enterprise Linux for IBM Z Systems | =9.0_s390x | |
Red Hat Enterprise Linux for IBM Z Systems | =9.2_s390x | |
Red Hat Enterprise Linux for IBM Z Systems (s390x) | =8.6_s390x | |
Red Hat Enterprise Linux for IBM Z Systems (s390x) | =8.8_s390x | |
Red Hat Enterprise Linux for IBM Z Systems (s390x) | =9.4_s390x | |
Red Hat Enterprise Linux for Power, little endian | =8.0_ppc64le | |
Red Hat Enterprise Linux for Power, little endian | =9.0_ppc64le | |
Red Hat Enterprise Linux for Power, little endian | =9.2_ppc64le | |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =8.6_ppc64le | |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =8.8_ppc64le | |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =9.4_ppc64le | |
Red Hat Enterprise Linux Server | =8.2 | |
Red Hat Enterprise Linux Server | =8.4 | |
Red Hat Enterprise Linux Server | =8.6 | |
Red Hat Enterprise Linux Server | =9.2 | |
Red Hat Enterprise Linux Server | =9.4 | |
Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.2_ppc64le | |
Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.4_ppc64le | |
Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.6_ppc64le | |
Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.8_ppc64le | |
Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =9.2_ppc64le | |
Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =9.4_ppc64le | |
Red Hat Enterprise Linux Server | =8.8 | |
IBM Security QRadar | <=7.5 - 7.5.0 UP8 IF01 | |
CVE-2024-1488 has a medium severity due to its potential impact on system configuration.
To fix CVE-2024-1488, ensure the correct permissions are set for the unbound runtime configuration and update to the latest version of unbound.
CVE-2024-1488 affects several versions of IBM QRadar SIEM and specific versions of Red Hat Enterprise Linux.
CVE-2024-1488 can be exploited if an attacker has local access and can connect to unbound's service on localhost.
The vulnerability in CVE-2024-1488 arises from incorrect default permissions that allow unauthorized modifications to the unbound runtime configuration.
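One way to check a host for the kind of exposure described above, as an added example that is not part of the original advisory or of Unbound's own code: it reads the `remote-control:` clause of an `unbound.conf` and reports control interfaces reachable over IP without certificate authentication. The option names and defaults follow unbound.conf(5); the sample configurations and the socket path are constructed, and `include:` directives are not followed.

```python
import re

# Defaults documented in unbound.conf(5) for the remote-control: clause.
DEFAULTS = {"control-enable": "no", "control-port": "8953", "control-use-cert": "yes"}

def parse_remote_control(conf_text):
    """Collect key/value pairs from the remote-control: clause only."""
    settings, interfaces, in_clause = dict(DEFAULTS), [], False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.fullmatch(r"([a-z0-9-]+):\s*(.*)", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip('"')
        if value == "":                              # clause header such as "server:"
            in_clause = key == "remote-control"
        elif in_clause and key == "control-interface":
            interfaces.append(value)
        elif in_clause:
            settings[key] = value
    # With no control-interface lines, unbound listens on both loopback addresses.
    return settings, interfaces or ["127.0.0.1", "::1"]

def audit_remote_control(conf_text):
    """Return findings for control channels any local process could use."""
    settings, interfaces = parse_remote_control(conf_text)
    if settings["control-enable"] != "yes":
        return []
    findings = []
    for iface in interfaces:
        if iface.startswith("/"):
            continue  # unix socket: access is limited by file owner/group/mode
        if settings["control-use-cert"] != "yes":
            findings.append(f"{iface}@{settings['control-port']}: no client certificate "
                            "required, any process that can connect can reconfigure")
    return findings

# Constructed sample configurations (not taken from any distribution package).
WEAK = """
server:
    interface: 127.0.0.1   # resolver listener, not the control channel
remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    control-use-cert: "no"
"""
HARDENED = WEAK.replace("control-interface: 127.0.0.1", "control-interface: /run/unbound/control")

if __name__ == "__main__":
    print({"weak": audit_remote_control(WEAK), "hardened": audit_remote_control(HARDENED)})
```

A unix-socket control interface passes this check only because access then depends on the socket file's owner, group and mode, which should be reviewed separately.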