PT-2022-4985 · Nlnet+10 · Unbound+10

Xiang Li · Published 2022-05-13 · Updated 2024-06-15 · CVE-2022-30698

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

NLnet Labs Unbound versions 1.16.1 and earlier

Description

The issue is a novel type of "ghost domain names" attack that targets an Unbound instance. The attack works by querying Unbound for a subdomain of a rogue domain name, which causes the rogue nameserver to return delegation information that updates Unbound's delegation cache. Repeating this process keeps a rogue domain name resolvable long after revocation. The vulnerability is also described as being related to insufficient input validation, which can allow a remote attacker to cause a denial of service.

Recommendations

For NLnet Labs Unbound versions 1.16.1 and earlier, update to version 1.16.2 to fix the issue and protect against the "ghost domain names" attack. The update stores the start time of a query and uses it to decide whether the cached delegation information can be overwritten, which prevents exploitation of this vulnerability.

Fix

Insufficient Session Expiration

RCE


Weakness Enumeration

Related Identifiers

ALSA-2022:7622
ALSA-2022:8062
ALT-PU-2022-2656
ALT-PU-2022-2684
ALT-PU-2022-2700
ALT-PU-2023-7205
AZL-10452
BDU:2022-06188
BDU:2023-03845
CESA-2022_7622
CVE-2022-30698
DLA-3371-1
MGASA-2022-0303
OESA-2022-1836
OPENSUSE-SU-2024:12235-1
RHSA-2022:7622
RHSA-2022:8062
RHSA-2022_7622
RHSA-2022_8062
RHSA-2024:2045
RLSA-2022:7622
RLSA-2022:8062
SUSE-SU-2024:1923-1
SUSE-SU-2024:1991-1
SUSE-SU-2024:1991-2
USN-5569-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
Unbound