CVE-2014-8602

MEDIUM

Description

iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.

References

http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html

http://unbound.net/downloads/patch_cve_2014_8602.diff

http://www.debian.org/security/2014/dsa-3097

http://www.kb.cert.org/vuls/id/264212

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/71589

http://www.ubuntu.com/usn/USN-2484-1

https://unbound.net/downloads/CVE-2014-8602.txt

Details

Source: MITRE

Published: 2014-12-11

Updated: 2016-11-28

Type: CWE-399

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 87870 | Unbound < 1.5.1 Delegation Handling Recursive Referral Handling Resource Exhaustion DoS | Nessus | DNS | medium |
| 87577 | Scientific Linux Security Update : unbound on SL7.x x86_64 (20151119) | Nessus | Scientific Linux Local Security Checks | medium |
| 87159 | CentOS 7 : unbound (CESA-2015:2455) | Nessus | CentOS Local Security Checks | medium |
| 87041 | Oracle Linux 7 : unbound (ELSA-2015-2455) | Nessus | Oracle Linux Local Security Checks | medium |
| 86991 | RHEL 7 : unbound (RHSA-2015:2455) | Nessus | Red Hat Local Security Checks | medium |
| 82091 | Debian DLA-107-1 : unbound security update | Nessus | Debian Local Security Checks | medium |
| 81019 | Ubuntu 14.04 LTS / 14.10 : unbound vulnerability (USN-2484-1) | Nessus | Ubuntu Local Security Checks | medium |
| 80246 | openSUSE Security Update : unbound (openSUSE-SU-2014:1688-1) | Nessus | SuSE Local Security Checks | medium |
| 80231 | F5 Networks BIG-IP : Unbound vulnerability (SOL15931) | Nessus | F5 Networks Local Security Checks | medium |
| 80142 | Fedora 20 : unbound-1.5.1-2.fc20 (2014-16671) | Nessus | Fedora Local Security Checks | medium |
| 80140 | Fedora 21 : unbound-1.5.1-2.fc21 (2014-16647) | Nessus | Fedora Local Security Checks | medium |
| 79884 | Debian DSA-3097-1 : unbound - security update | Nessus | Debian Local Security Checks | medium |
| 79810 | FreeBSD : unbound -- can be tricked into following an endless series of delegations, this consumes a lot of resources (10d73529-7f4b-11e4-af66-00215af774f0) | Nessus | FreeBSD Local Security Checks | medium |