A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-02-15T05:04:13.994Z
Updated: 2024-09-16T18:13:32.593Z
Reserved: 2024-02-14T12:47:25.283Z
Link: CVE-2024-1488
Vulnrichment
Updated: 2024-08-01T18:40:21.182Z
NVD
Status : Awaiting Analysis
Published: 2024-02-15T05:15:10.257
Modified: 2024-05-08T08:15:37.870
Link: CVE-2024-1488
Redhat