CVE-2024-1488

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.

CVSS v3.0 7.3 HIGH

7.3^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:1750	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1750	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1751	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1751	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1780	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1780	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1801	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1801	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1802	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1802	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1804	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1804	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2587	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2587	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2696	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2696	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0837
https://access.redhat.com/security/cve/CVE-2024-1488	Third Party Advisory
https://access.redhat.com/security/cve/CVE-2024-1488	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2264183	Issue Tracking Patch
https://bugzilla.redhat.com/show_bug.cgi?id=2264183	Issue Tracking Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:fedoraproject:unbound:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.2_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.2_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4_ppc64le:::::::*

History

30 Jan 2025, 22:15

Type	Values Removed	Values Added
CWE	~~CWE-276~~
References		() https://access.redhat.com/errata/RHSA-2025:0837 -

23 Jan 2025, 17:41

Type	Values Removed	Values Added
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2264183 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2264183 - Issue Tracking, Patch
References	~~() https://access.redhat.com/security/cve/CVE-2024-1488 -~~	() https://access.redhat.com/security/cve/CVE-2024-1488 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:2587 -~~	() https://access.redhat.com/errata/RHSA-2024:2587 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:1804 -~~	() https://access.redhat.com/errata/RHSA-2024:1804 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:1750 -~~	() https://access.redhat.com/errata/RHSA-2024:1750 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:1751 -~~	() https://access.redhat.com/errata/RHSA-2024:1751 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:1780 -~~	() https://access.redhat.com/errata/RHSA-2024:1780 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:1801 -~~	() https://access.redhat.com/errata/RHSA-2024:1801 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:1802 -~~	() https://access.redhat.com/errata/RHSA-2024:1802 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:2696 -~~	() https://access.redhat.com/errata/RHSA-2024:2696 - Third Party Advisory
First Time		Redhat codeready Linux Builder For Ibm Z Systems Eus Redhat enterprise Linux For Ibm Z Systems Eus Fedoraproject Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Redhat codeready Linux Builder Eus For Power Little Endian Redhat enterprise Linux Server Tus Redhat codeready Linux Builder Eus Redhat enterprise Linux For Ibm Z Systems Redhat codeready Linux Builder Redhat codeready Linux Builder For Ibm Z Systems Fedoraproject unbound Redhat enterprise Linux Server Aus Redhat enterprise Linux For Arm 64 Redhat enterprise Linux For Power Little Endian Redhat enterprise Linux Redhat codeready Linux Builder For Arm64 Eus Redhat codeready Linux Builder For Arm64 Redhat enterprise Linux For Arm 64 Eus Redhat Redhat enterprise Linux Eus
CPE		cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.2_aarch64:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::* cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:::::::* cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.2_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:::::::* cpe:2.3:a:fedoraproject:unbound:::::::: cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.2_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::* cpe:2.3:a:redhat:codeready_linux_builder:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:::::::*
CWE		CWE-276
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.3

08 May 2024, 08:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:2696 -

30 Apr 2024, 20:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:2587 -

15 Apr 2024, 04:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:1801 - () https://access.redhat.com/errata/RHSA-2024:1804 - () https://access.redhat.com/errata/RHSA-2024:1802 -

11 Apr 2024, 12:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:1780 - () https://access.redhat.com/errata/RHSA-2024:1751 -

10 Apr 2024, 12:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:1750 -

15 Feb 2024, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-15 05:15

Updated : 2025-01-30 22:15

NVD link : CVE-2024-1488

Mitre link : CVE-2024-1488

JSON object : View

Products Affected

redhat

enterprise_linux_for_power_little_endian_eus
enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
codeready_linux_builder_eus_for_power_little_endian
enterprise_linux_for_arm_64
enterprise_linux_for_ibm_z_systems_eus
enterprise_linux_server_aus
codeready_linux_builder
enterprise_linux_for_ibm_z_systems
enterprise_linux_for_arm_64_eus
codeready_linux_builder_for_ibm_z_systems
enterprise_linux_server_tus
enterprise_linux_for_power_little_endian
codeready_linux_builder_for_ibm_z_systems_eus
codeready_linux_builder_for_arm64
enterprise_linux_eus
codeready_linux_builder_eus
enterprise_linux
codeready_linux_builder_for_arm64_eus

fedoraproject

unbound

CWE

No CWE.

7.3 /10