what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2020-28935

Status Candidate

Overview

NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.

Related Files

Red Hat Security Advisory 2022-0632-01
Posted Feb 23, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0632-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Issues addressed include denial of service, integer overflow, out of bounds write, and traversal vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2019-25032, CVE-2019-25034, CVE-2019-25035, CVE-2019-25036, CVE-2019-25037, CVE-2019-25038, CVE-2019-25039, CVE-2019-25040, CVE-2019-25041, CVE-2019-25042, CVE-2020-28935
SHA-256 | 4129d3fe40137263b996a692249adf7fca79ba11697ad33403cd958a6638260d
Download | Favorite | View
Red Hat Security Advisory 2021-1853-01
Posted May 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1853-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Issues addressed include denial of service, integer overflow, out of bounds write, and traversal vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2019-25032, CVE-2019-25034, CVE-2019-25035, CVE-2019-25036, CVE-2019-25037, CVE-2019-25038, CVE-2019-25039, CVE-2019-25040, CVE-2019-25041, CVE-2019-25042, CVE-2020-28935
SHA-256 | 250784152aa28481634d214a497218cad1bbf419a82373c1b16f53141935dbcd
Download | Favorite | View
Ubuntu Security Notice USN-4938-1
Posted May 6, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4938-1 - It was discovered that Unbound contained multiple security issues. A remote attacker could possibly use these issues to cause a denial of service, inject arbitrary commands, execute arbitrary code, and overwrite local files.

tags | advisory, remote, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2019-25031, CVE-2019-25035, CVE-2019-25039, CVE-2020-28935
SHA-256 | 54a6d8d64b2ff02f76daa157cff76e092dc434c7f8842ed4d5cd459159fbfa06
Download | Favorite | View
Gentoo Linux Security Advisory 202101-38
Posted Jan 29, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-38 - A vulnerability was discovered in NSD which could allow a local attacker to cause a Denial of Service condition. Versions less than 4.3.4 are affected.

tags | advisory, denial of service, local
systems | linux, gentoo
advisories | CVE-2020-28935
SHA-256 | 7d524441ccd8474adf4b85bdd76aa9cb9c85c2b7ff7a88a04dffde4e91306901
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close