SB2021051029 - Multiple vulnerabilities in Unbound DNS Server



Published: May 10, 2021

Security Bulletin ID: SB2021051029
Severity: High
Patch available: YES
Number of vulnerabilities: 12
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 58%, Medium: 42%

Description

This security bulletin contains information about 12 security vulnerabilities.


1) Integer overflow (CVE-ID: CVE-2019-25033)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in the regional allocator via the ALIGN_UP macro. A remote attacker can pass specially crafted data to the server, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


2) Integer overflow (CVE-ID: CVE-2019-25034)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the sldns_str2wire_dname_buf_origin() function. A remote attacker can pass specially crafted data to the server, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


3) Reachable Assertion (CVE-ID: CVE-2019-25036)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the synth_cname() function. A remote attacker can send specially crafted data to the server, trigger an assertion failure and perform a DoS attack.


4) Reachable Assertion (CVE-ID: CVE-2019-25037)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the dname_pkt_copy() function. A remote attacker can send specially crafted packets to the DNS server, trigger an assertion failure and perform a DoS attack.


5) Integer overflow (CVE-ID: CVE-2019-25032)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in the regional_alloc() function. A remote attacker can pass specially crafted data to the server, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
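
The wrap-around behind items 1 and 5, shown beside a checked alternative. This is an added example, not Unbound's code or the vendor's patch: the macro shape, the 8-byte alignment and the names `align_up_checked`, `struct arena` and `arena_alloc` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked form: x + s - 1 wraps around when x is close to SIZE_MAX. */
#define ALIGN_UP_UNCHECKED(x, s) (((x) + (s) - 1) & ~((s) - 1))
#define ALIGNMENT sizeof(uint64_t)  /* alignment assumed for this sketch */

/* Value an unchecked caller would compare against the space left. */
static size_t unchecked_aligned(size_t size)
{
    return ALIGN_UP_UNCHECKED(size, ALIGNMENT);
}

/* Checked align-up: returns 0 and leaves *out untouched on overflow. */
static int align_up_checked(size_t x, size_t s, size_t *out)
{
    if (s == 0 || (s & (s - 1)) != 0)
        return 0;                       /* s must be a power of two */
    if (x > SIZE_MAX - (s - 1))
        return 0;                       /* x + s - 1 would wrap */
    *out = (x + s - 1) & ~(s - 1);
    return 1;
}

/* Hypothetical bump allocator over one fixed chunk (not Unbound's). */
struct arena { unsigned char *base; size_t cap; size_t used; };

static void *arena_alloc(struct arena *a, size_t size)
{
    size_t need;
    if (!align_up_checked(size, ALIGNMENT, &need))
        return NULL;                    /* reject sizes that wrap */
    if (need > a->cap - a->used)
        return NULL;                    /* subtraction form cannot wrap */
    void *p = a->base + a->used;
    a->used += need;
    return p;
}

int main(void)
{
    unsigned char chunk[64];
    struct arena a = { chunk, sizeof chunk, 0 };
    printf("unchecked(SIZE_MAX)=%zu checked=%p\n",
           unchecked_aligned(SIZE_MAX), arena_alloc(&a, SIZE_MAX));
    return 0;
}
```

With the unchecked macro a huge request rounds to a tiny size that passes a capacity comparison; the checked path refuses the request before any pointer arithmetic happens.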


6) Reachable Assertion (CVE-ID: CVE-2019-25041)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the dname_pkt_copy() function when processing compressed names. A remote attacker can send specially crafted data to the DNS server, trigger an assertion failure and perform a denial of service (DoS) attack.


7) Out-of-bounds write (CVE-ID: CVE-2019-25042)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the rdata_copy() function. A remote attacker can send specially crafted data to the DNS server, trigger out-of-bounds write and execute arbitrary code on the target system.


8) Integer overflow (CVE-ID: CVE-2019-25039)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in respip/respip.c. A remote attacker can pass specially crafted data to the server, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


9) Integer overflow (CVE-ID: CVE-2019-25038)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in dnscrypt/dnscrypt.c. A remote attacker can pass specially crafted data to the Unbound DNS server, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


10) Infinite loop (CVE-ID: CVE-2019-25040)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the dname_pkt_copy() function when processing compressed names. A remote attacker can consume all available system resources and cause denial of service conditions.
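
A defensive way to expand compressed DNS names, relevant to items 6 and 10: every read is bounds-checked and pointer hops are capped, so a pointer cycle is rejected instead of being followed indefinitely. This is an added example, not Unbound's dname_pkt_copy() or its fix; the name `dname_expand` and the hop budget of 128 are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_NAME_LEN 255   /* RFC 1035 limit on an encoded name */
#define MAX_PTR_HOPS 128   /* hop budget: an assumption of this sketch */

/* Expand the (possibly compressed) name at msg[off] into out.
 * Returns the expanded wire length, or -1 for malformed input. */
static int dname_expand(const uint8_t *msg, size_t msglen, size_t off,
                        uint8_t *out, size_t outcap)
{
    size_t n = 0;
    int hops = 0;
    for (;;) {
        if (off >= msglen)
            return -1;                      /* read past end of packet */
        uint8_t len = msg[off];
        if ((len & 0xC0) == 0xC0) {         /* compression pointer */
            if (off + 1 >= msglen || ++hops > MAX_PTR_HOPS)
                return -1;                  /* truncated, or a pointer loop */
            off = ((size_t)(len & 0x3F) << 8) | msg[off + 1];
            continue;
        }
        if (len & 0xC0)
            return -1;                      /* reserved label type */
        size_t need = (size_t)len + 1;      /* length byte plus label */
        if (need > msglen - off)
            return -1;                      /* label runs off the packet */
        if (need > MAX_NAME_LEN - n || need > outcap - n)
            return -1;                      /* would overrun the output */
        for (size_t i = 0; i < need; i++)
            out[n++] = msg[off + i];
        if (len == 0)
            return (int)n;                  /* root label ends the name */
        off += need;
    }
}

int main(void)
{
    /* Constructed samples: "www" + pointer to "example." and a self-pointer. */
    const uint8_t ok[] = {3,'w','w','w',0xC0,6,7,'e','x','a','m','p','l','e',0};
    const uint8_t loop[] = {0xC0, 0x00};
    uint8_t out[MAX_NAME_LEN];
    printf("ok=%d loop=%d\n", dname_expand(ok, sizeof ok, 0, out, sizeof out),
           dname_expand(loop, sizeof loop, 0, out, sizeof out));
    return 0;
}
```

Malformed input returns an error code the caller can drop the packet on, where an assertion on the same condition would terminate the resolver.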


11) Out-of-bounds write (CVE-ID: CVE-2019-25035)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error within the sldns_bget_token_par() function in sldns/parse.c. A remote attacker can send specially crafted data to the DNS server, trigger out-of-bounds write and execute arbitrary code on the target system.


12) Code injection (CVE-ID: CVE-2019-25031)

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to improper input validation within the contrib/create_unbound_ad_servers.sh script when retrieving data before writing it into a configuration file. A remote non-authenticated attacker with the ability to perform a MitM attack can intercept and change the Unbound configuration, as the input is retrieved via an unencrypted HTTP channel.


Remediation

Install the update from the vendor's website.