Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses

Filter by:

With package: lua51Packages.luaunbound

Found 1 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2024-1488

8.0 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 year, 2 months ago

Unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.

References

RHSA-2024:1750 vendor-advisoryx_refsource_REDHATx_transferred
RHSA-2024:1751 vendor-advisoryx_refsource_REDHATx_transferred
RHSA-2024:1780 vendor-advisoryx_refsource_REDHATx_transferred
RHSA-2024:1801 vendor-advisoryx_refsource_REDHATx_transferred
RHSA-2024:1802 vendor-advisoryx_refsource_REDHATx_transferred
RHSA-2024:1804 vendor-advisoryx_refsource_REDHATx_transferred
RHSA-2024:2587 vendor-advisoryx_refsource_REDHATx_transferred
RHSA-2024:2696 vendor-advisoryx_refsource_REDHATx_transferred
https://access.redhat.com/security/cve/CVE-2024-1488 x_transferredvdb-entryx_refsource_REDHAT
RHBZ#2264183 issue-trackingx_transferredx_refsource_REDHAT
RHSA-2025:0837 vendor-advisoryx_refsource_REDHAT

Affected products

unbound

==1.16.2
*
==1.19.1-2.fc40

Matching in nixpkgs

pkgs.unbound

Validating, recursive, and caching DNS resolver

nixos-unstable 1.21.1
- nixpkgs-unstable 1.21.1
- nixos-unstable-small 1.21.1

pkgs.unbound-full

Validating, recursive, and caching DNS resolver

nixos-unstable 1.21.1
- nixpkgs-unstable 1.21.1
- nixos-unstable-small 1.21.1

pkgs.unbound-with-systemd

Validating, recursive, and caching DNS resolver

nixos-unstable 1.21.1
- nixpkgs-unstable 1.21.1
- nixos-unstable-small 1.21.1

pkgs.luaPackages.luaunbound

A binding to libunbound

nixos-unstable 1.0.0-1
- nixpkgs-unstable 1.0.0-1
- nixos-unstable-small 1.0.0-1

pkgs.lua51Packages.luaunbound

A binding to libunbound

nixos-unstable 1.0.0-1
- nixpkgs-unstable 1.0.0-1
- nixos-unstable-small 1.0.0-1

pkgs.lua52Packages.luaunbound

A binding to libunbound

nixos-unstable 1.0.0-1

pkgs.lua53Packages.luaunbound

A binding to libunbound

nixos-unstable 1.0.0-1
- nixpkgs-unstable 1.0.0-1
- nixos-unstable-small 1.0.0-1

pkgs.lua54Packages.luaunbound

A binding to libunbound

nixos-unstable 1.0.0-1
- nixpkgs-unstable 1.0.0-1
- nixos-unstable-small 1.0.0-1

pkgs.luajitPackages.luaunbound

A binding to libunbound

nixos-unstable 1.0.0-1
- nixpkgs-unstable 1.0.0-1
- nixos-unstable-small 1.0.0-1

pkgs.prometheus-unbound-exporter

Prometheus exporter for Unbound DNS resolver

nixos-unstable 0.4.6
- nixpkgs-unstable 0.4.6
- nixos-unstable-small 0.4.6

pkgs.python311Packages.pyunbound

Python library for Unbound, the validating, recursive, and caching DNS resolver

nixos-unstable 1.21.1
- nixpkgs-unstable 1.21.1
- nixos-unstable-small 1.21.1

pkgs.python312Packages.pyunbound

Python library for Unbound, the validating, recursive, and caching DNS resolver

nixos-unstable 1.21.1
- nixpkgs-unstable 1.21.1
- nixos-unstable-small 1.21.1

pkgs.haskellPackages.unbounded-delays

Unbounded thread delays and timeouts

nixos-unstable 0.1.1.1
- nixpkgs-unstable 0.1.1.1
- nixos-unstable-small 0.1.1.1

Package maintainers

@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@leenaars Michiel Leenaars <ml.software@leenaa.rs>

1