#VU22593 Input validation error in Knot Resolver - CVE-2019-10191

Cybersecurity Help s.r.o.

Published: 2019-11-07

Vulnerability identifier: #VU22593

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-10191

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Knot Resolver
Server applications / Other server solutions

Vendor: Nic

Description

The vulnerability allows a remote attacker to hijack domain on the target system.

The vulnerability exists due to insufficient validation of user-supplied input in DNS resolver. A remote attacker can downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Knot Resolver: 1.0 - 4.0.0

External links
https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for knot-resolver

Input validation error in knot-resolver (Alpine package)

Input validation error in Knot Resolver

Fedora EPEL 7 update for knot, knot-resolver

Fedora 29 update for knot-resolver

Fedora 30 update for knot-resolver