A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2024-02-15T05:04:13.994Z
Updated: 2024-07-05T17:22:53.092Z
Reserved: 2024-02-14T12:47:25.283Z
Link: CVE-2024-1488
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-02-15T05:15:10.257
Modified: 2024-05-08T08:15:37.870
Link: CVE-2024-1488
JSON object: View
Redhat Information
No data.
CWE