DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.

According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

    A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which     can lead to memory corruption.This issue could allow an attacker with local access to provide specially     crafted input, potentially causing the application to crash or allowing arbitrary code execution.This     could result in a denial of service or unauthorized actions on the system.(CVE-2024-43168)

Tenable has extracted the preceding description block directly from the EulerOS unbound security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-760 advisory.

    unbound: NULL Pointer Dereference in Unbound (CVE-2024-43167)

    unbound: Heap-Buffer-Overflow in Unbound (CVE-2024-43168)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

    A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could     allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When     certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the     program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of     service by causing the application to terminate unexpectedly.(CVE-2024-43167)

    A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which     can lead to memory corruption. This issue could allow an attacker with local access to provide specially     crafted input, potentially causing the application to crash or allowing arbitrary code execution. This     could result in a denial of service or unauthorized actions on the system.(CVE-2024-43168)

Tenable has extracted the preceding description block directly from the EulerOS unbound security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

    A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which     can lead to memory corruption.This issue could allow an attacker with local access to provide specially     crafted input, potentially causing the application to crash or allowing arbitrary code execution.This     could result in a denial of service or unauthorized actions on the system.(CVE-2024-43168)

    A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound.This issue could allow     an attacker who can invoke specific sequences of API calls to cause a segmentation fault.When certain API     functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program     attempts to read from a NULL pointer, leading to a crash.This issue can result in a denial of service by     causing the application to terminate unexpectedly.(CVE-2024-43167)

Tenable has extracted the preceding description block directly from the EulerOS unbound security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3903 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3903-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                       Daniel Leidert     September 29, 2024                            https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : unbound     Version        : 1.13.1-1+deb11u3     CVE ID         : CVE-2024-43167 CVE-2024-43168     Debian Bug     : 1078647

    Two vulnerabilities were discovered in unbound, a validating,     recursive, caching DNS resolver. Specially crafted input could cause a     heap-buffer-overflow leading to memory corruption and potentially     causing the application to crash or allowing arbitrary code execution     (CVE-2024-43168). A NULL pointer dereference flaw could allow an     attacker who can invoke specific sequences of API calls to cause a     segmentation fault and a denial of service (CVE-2024-43167).

    For Debian 11 bullseye, these problems have been fixed in version     1.13.1-1+deb11u3.

    We recommend that you upgrade your unbound packages.

    For the detailed security status of unbound please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/unbound

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

    Attachment:
    signature.asc     Description: This is a digitally signed message part

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of unbound installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43168 advisory.

  - A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which     can lead to memory corruption. This issue could allow an attacker with local access to provide specially     crafted input, potentially causing the application to crash or allowing arbitrary code execution. This     could result in a denial of service or unauthorized actions on the system. (CVE-2024-43168)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6998-1 advisory.

    It was discovered that Unbound incorrectly handled string comparisons, which could lead to a NULL pointer     dereference. An attacker could

    potentially use this issue to cause a denial of service. (CVE-2024-43167)

    It was discovered that Unbound incorrectly handled memory in

    cfg_mark_ports, which could lead to a heap buffer overflow. A local

    attacker could potentially use this issue to cause a denial of service or execute arbitrary code.
    (CVE-2024-43168)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

An update of the unbound package has been released.

ID	Name	Product	Family	Severity
211812	EulerOS 2.0 SP12 : unbound (EulerOS-SA-2024-2924)	Nessus	Huawei Local Security Checks	medium
211802	EulerOS 2.0 SP12 : unbound (EulerOS-SA-2024-2930)	Nessus	Huawei Local Security Checks	medium
211366	Amazon Linux 2023 : python3-unbound, unbound, unbound-anchor (ALAS2023-2024-760)	Nessus	Amazon Linux Local Security Checks	medium
210681	EulerOS 2.0 SP9 : unbound (EulerOS-SA-2024-2840)	Nessus	Huawei Local Security Checks	medium
210672	EulerOS 2.0 SP10 : unbound (EulerOS-SA-2024-2897)	Nessus	Huawei Local Security Checks	medium
210660	EulerOS 2.0 SP9 : unbound (EulerOS-SA-2024-2822)	Nessus	Huawei Local Security Checks	medium
210635	EulerOS 2.0 SP10 : unbound (EulerOS-SA-2024-2917)	Nessus	Huawei Local Security Checks	medium
207902	Debian dla-3903 : libunbound-dev - security update	Nessus	Debian Local Security Checks	medium
207032	CBL Mariner 2.0 Security Update: unbound (CVE-2024-43168)	Nessus	MarinerOS Local Security Checks	medium
206979	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Unbound vulnerabilities (USN-6998-1)	Nessus	Ubuntu Local Security Checks	medium
206094	Photon OS 4.0: Unbound PHSA-2024-4.0-0671	Nessus	PhotonOS Local Security Checks	medium
206092	Photon OS 5.0: Unbound PHSA-2024-5.0-0352	Nessus	PhotonOS Local Security Checks	medium

Detections

Analytics

CVE-2024-43168

medium

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium