Source: unbound Version: 1.12.0-1 Severity: important Tags: security upstream Forwarded: https://github.com/NLnetLabs/unbound/issues/303 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for unbound. CVE-2020-28935[0]: | NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs | NSD, up to and including version 4.3.3, contain a local vulnerability | that would allow for a local symlink attack. When writing the PID | file, Unbound and NSD create the file if it is not there, or open an | existing file for writing. In case the file was already present, they | would follow symlinks if the file happened to be a symlink instead of | a regular file. An additional chown of the file would then take place | after it was written, making the user Unbound/NSD is supposed to run | as the new owner of the file. If an attacker has local access to the | user Unbound/NSD runs as, she could create a symlink in place of the | PID file pointing to a file that she would like to erase. If then | Unbound/NSD is killed and the PID file is not cleared, upon restarting | with root privileges, Unbound/NSD will rewrite any file pointed at by | the symlink. This is a local vulnerability that could create a Denial | of Service of the system Unbound/NSD is running on. It requires an | attacker having access to the limited permission user Unbound/NSD runs | as and point through the symlink to a critical file on the system. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-28935 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28935 [1] https://github.com/NLnetLabs/unbound/issues/303 [2] https://github.com/NLnetLabs/unbound/commit/ad387832979b6ce4c93f64fe706301cd7d034e87 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
