Bug 1202031 - (CVE-2022-30699) VUL-0: CVE-2022-30699: unbound: Novel "ghost domain names" attack by updating almost expired delegation information
(CVE-2022-30699)
VUL-0: CVE-2022-30699: unbound: Novel "ghost domain names" attack by updating...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Stefano Torresi
Security Team bot
https://smash.suse.de/issue/338557/
CVSSv3.1:SUSE:CVE-2022-30699:5.6:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-08-01 13:59 UTC by Robert Frohl
Modified: 2022-11-10 12:05 UTC (History)
5 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
stoyan.manolov: needinfo? (rtorreromarijnissen)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2022-08-01 13:59:27 UTC
Novel "ghost domain names" attack by updating almost expired delegation information

Date:	2022-08-01
CVE:	CVE-2022-30699
Credit:	Xiang Li (Network and Information Security Lab, Tsinghua University)
Affects:	Unbound up to and including version 1.16.1
Not affected:	Other versions
Severity:	Medium
Impact:	Remote attackers can trigger continued resolvability of revoked domain names
Solution:	Download patched version of Unbound, or apply the patch manually

NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.

Unbound 1.16.2 contains a patch. If you cannot upgrade you can also apply the patch manually. To do this, apply the patch on the Unbound source directory with patch -p1 < patch_CVE-2022-30698_CVE-2022-30699.diff and then run make install to install Unbound.

This is a shared patch with CVE-2022-30698 below
Comment 2 OBSbugzilla Bot 2022-08-01 16:40:08 UTC
This is an autogenerated message for OBS integration:
This bug (1202031) was mentioned in
https://build.opensuse.org/request/show/992044 Factory / unbound