libunbound.so is vulnerable to shell code execution. The attack is possible due to not proper handling of a malicious IPSECKEY
answer in the ipsec
. The vulnerability can only triggered when the following conditions are met: 1) compiled the library with --enable-ipsecmod
support, and ipsecmod
is enabled and used in the configuration (either in the configuration file or using unbound-control
), and 2) a domain is part of the ipsecmod-whitelist (if ipsecmod-whitelist is used), and 3) receives an A/AAAA query for a domain that has an A/AAAA record(s) and an IPSECKEY record(s) available.
lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html
lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html
www.openwall.com/lists/oss-security/2019/11/19/1
github.com/NLnetLabs/unbound/blob/release-1.9.5/doc/Changelog
lists.fedoraproject.org/archives/list/[email protected]/message/MOCR6JP7MSRARTOGEHGST64G4FJGX5VK/
www.nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt
www.nlnetlabs.nl/news/2019/Nov/19/unbound-1.9.5-released/
www.openwall.com/lists/oss-security/2019/11/19/1