PT-2024-5855 · Nlnet+5 · Unbound+5

Tej Rathi · Published 2024-02-13 · Updated 2025-02-13 · CVE-2024-1488

CVSS v3.1: 8.0 High

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Unbound (affected versions not specified)

Description

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

ALSA-2024:1750
ALSA-2024:1751
ALSA-2025:0837
BDU:2024-06601
CESA-2024_1751
CESA-2025_0837
CVE-2024-1488
INFSA-2024_1750
INFSA-2025_0837
OESA-2024-1210
RHSA-2024:1750
RHSA-2024:1751
RHSA-2024:1780
RHSA-2024:1801
RHSA-2024:1802
RHSA-2024:1804
RHSA-2024:2587
RHSA-2024:2696
RHSA-2024_1750
RHSA-2024_1751
RHSA-2025:0837
RHSA-2025_0837
RLSA-2024:1750
RLSA-2024:1751
RLSA-2025:0837

Affected Products

Almalinux
Centos
Red Hat
Red Os
Rocky Linux
Unbound