#VU66547 Predictable from Observable State


Published: 2022-08-16

Vulnerability identifier: #VU66547

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-30699

CWE-ID: CWE-341

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Unbound
Server applications / DNS servers

Vendor: NLnet Labs

Description

The vulnerability allows a remote attacker to poison DNS cache.

The vulnerability exists due to the way Unbound handles delegation information expiration event. A remote attacker who controls a rouge DNS server can force the Unbound instance to cache incorrect information about domain delegation and permanently poison the DNS cache, e.g. perform the "ghost domain names" attack. 

The attack is perform when Unbound is queried for a rogue domain name, which cached delegation information is about to expire. The rogue nameserver delays the response until the cached delegation information expires. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Unbound: 1.0.0 - 1.16.1 rc1


CPE

External links
http://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5L3ZFWZZFPBIL654BG75RWXUMPFQJ5EC/


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability