oss-sec mailing list archives
CVE-2019-18934 Unbound: Vulnerability in IPSEC module
From: Ralph Dolmans <ralph () nlnetlabs nl>
Date: Tue, 19 Nov 2019 18:44:29 +0800
Hi, Below is a copy of Unbound's CVE description that can be found at https://nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt Regards, Ralph == The CVE number for this vulnerability is CVE-2019-18934 == Summary Recent versions of Unbound contain a vulnerability that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration. == Affected products Unbound 1.6.4 up to and including 1.9.4. == Description Due to unsanitized characters passed to the ipsecmod-hook shell command, it is possible for Unbound to allow shell code execution from a specially crafted IPSECKEY answer. This issue can only be triggered when *all* of the below conditions are met: * unbound was compiled with `--enable-ipsecmod` support, and * ipsecmod is enabled and used in the configuration (either in the configuration file or using `unbound-control`), and * a domain is part of the ipsecmod-whitelist (if ipsecmod-whitelist is used), and * unbound receives an A/AAAA query for a domain that has an A/AAAA record(s) *and* an IPSECKEY record(s) available. The shell code execution can then happen if either the qname or the gateway field of the IPSECKEY (when gateway type == 3) contain a specially crafted domain name. == Solution Download patched version of Unbound, or apply the patch manually. + Downloading patched version Unbound 1.9.5 is released with the patch https://nlnetlabs.nl/downloads/unbound/unbound-1.9.5.tar.gz + Applying the Patch manually For Unbound 1.6.4 up to and including 1.9.4 the patch is: https://nlnetlabs.nl/downloads/unbound/patch_cve_2019-18934.diff Apply the patch on the Unbound source directory with: 'patch -p1 < patch_cve_2019-18934.diff' then run 'make install' to install Unbound. == Acknowledgments We would like to thank X41 D-Sec for notifying us about this vulnerability and OSTIF for sponsoring the Unbound security audit.
Current thread:
- CVE-2019-18934 Unbound: Vulnerability in IPSEC module Ralph Dolmans (Nov 19)