{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-06-29T23:06:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20191119 CVE-2019-18934 Unbound: Vulnerability in IPSEC module", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/11/19/1"}, {"tags": ["x_refsource_MISC"], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/NLnetLabs/unbound/blob/release-1.9.5/doc/Changelog"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.nlnetlabs.nl/news/2019/Nov/19/unbound-1.9.5-released/"}, {"name": "FEDORA-2019-a29e620cd4", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MOCR6JP7MSRARTOGEHGST64G4FJGX5VK/"}, {"name": "openSUSE-SU-2020:0912", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html"}, {"name": "openSUSE-SU-2020:0913", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18934", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20191119 CVE-2019-18934 Unbound: Vulnerability in IPSEC module", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/11/19/1"}, {"name": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt", "refsource": "MISC", "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt"}, {"name": "https://github.com/NLnetLabs/unbound/blob/release-1.9.5/doc/Changelog", "refsource": "MISC", "url": "https://github.com/NLnetLabs/unbound/blob/release-1.9.5/doc/Changelog"}, {"name": "https://www.nlnetlabs.nl/news/2019/Nov/19/unbound-1.9.5-released/", "refsource": "CONFIRM", "url": "https://www.nlnetlabs.nl/news/2019/Nov/19/unbound-1.9.5-released/"}, {"name": "FEDORA-2019-a29e620cd4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MOCR6JP7MSRARTOGEHGST64G4FJGX5VK/"}, {"name": "openSUSE-SU-2020:0912", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html"}, {"name": "openSUSE-SU-2020:0913", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T02:02:39.825Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20191119 CVE-2019-18934 Unbound: Vulnerability in IPSEC module", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/11/19/1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/NLnetLabs/unbound/blob/release-1.9.5/doc/Changelog"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.nlnetlabs.nl/news/2019/Nov/19/unbound-1.9.5-released/"}, {"name": "FEDORA-2019-a29e620cd4", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MOCR6JP7MSRARTOGEHGST64G4FJGX5VK/"}, {"name": "openSUSE-SU-2020:0912", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html"}, {"name": "openSUSE-SU-2020:0913", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18934", "datePublished": "2019-11-19T17:30:01", "dateReserved": "2019-11-13T00:00:00", "dateUpdated": "2024-08-05T02:02:39.825Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "37721642-A2DA-4326-8D2C-8640D99EC472", "versionEndIncluding": "1.9.4", "versionStartIncluding": "1.6.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration."}, {"lang": "es", "value": "Unbound versiones 1.6.4 hasta 1.9.4, contiene una vulnerabilidad en el m\u00f3dulo ipsec que puede causar una ejecuci\u00f3n de c\u00f3digo de shell despu\u00e9s de recibir una respuesta especialmente dise\u00f1ada. Este problema solo puede ser activado si unbound fue compilado con el soporte \"--enable-ipsecmod\", e ipsecmod est\u00e1 habilitado y usado en la configuraci\u00f3n."}], "id": "CVE-2019-18934", "lastModified": "2023-11-07T03:07:18.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-19T18:15:10.523", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/11/19/1"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://github.com/NLnetLabs/unbound/blob/release-1.9.5/doc/Changelog"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MOCR6JP7MSRARTOGEHGST64G4FJGX5VK/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.nlnetlabs.nl/news/2019/Nov/19/unbound-1.9.5-released/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:1716", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "unbound-0:1.7.3-10.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}], "bugzilla": {"description": "unbound: command injection with data coming from a specially crafted IPSECKEY answer", "id": "1776762", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776762"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.6", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-78", "details": ["Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.", "A shell command injection vulnerability was discovered in the way unbound handles DNS queries for systems with a public key used for IPsec. When ipsecmod is enabled, a malicious DNS server could send a DNS reply which would be used during a following DNS query to execute shell commands with the privileges of the unbound process. The same attack could be performed by an attacker who can modify data transmitted over the network, before it reaches the unbound server, if DNSSEC is not used."], "mitigation": {"lang": "en:us", "value": "* Do not enable ipsecmod in the unbound.conf configuration file nor via unbound-control, if DNSSEC based Opportunistic IPsec is not used.\n* Use the `username` option in unbound.conf to make unbound drop privileges and reduce the impact of a successful attack.\n* Enable SELinux to prevent unbound from executing shell commands, apart from the expected one specified in the `ipsecmod-hook` option."}, "name": "CVE-2019-18934", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "unbound", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "unbound", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2019-11-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-18934\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-18934\nhttps://nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt\nhttps://www.nlnetlabs.nl/news/2019/Nov/19/unbound-1.9.5-released/"], "statement": "The versions of unbound as shipped in Red Hat Enterprise Linux 7 and 8 have `ipsecmod` disabled by default, even though it could be activated through the unbound-control command, it would only be executable by high-privilege users. Moreover, the `username` option is enabled, reducing the impact of a successful attack, and DNSSEC is used by default, preventing an attacker from modifying DNS packets on the wire. Finally, the default SELinux policies prevent unbound from running any shell command.", "threat_severity": "Moderate", "upstream_fix": "unbound 1.9.5"}