CVE-2020-12662

MEDIUM

Description

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

References

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html

http://www.nxnsattack.com

http://www.openwall.com/lists/oss-security/2020/05/19/5

https://lists.fedoraproject.org/archives/list/[email protected]/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/

https://lists.fedoraproject.org/archives/list/[email protected]/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/

https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt

https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc

https://security.netapp.com/advisory/ntap-20200702-0006/

https://usn.ubuntu.com/4374-1/

https://www.debian.org/security/2020/dsa-4694

https://www.synology.com/security/advisory/Synology_SA_20_12

Details

Source: MITRE

Published: 2020-05-19

Updated: 2020-07-08

Type: CWE-674

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (35 total)

ID	Name	Product	Family	Severity
143965	NewStart CGSL CORE 5.04 / MAIN 5.04 : unbound Multiple Vulnerabilities (NS-SA-2020-0079)	Nessus	NewStart CGSL Local Security Checks	medium
142538	EulerOS Virtualization 3.0.6.6 : unbound (EulerOS-SA-2020-2454)	Nessus	Huawei Local Security Checks	medium
142292	EulerOS 2.0 SP2 : unbound (EulerOS-SA-2020-2403)	Nessus	Huawei Local Security Checks	medium
141196	RHEL 7 : unbound (RHSA-2020:4181)	Nessus	Red Hat Local Security Checks	medium
140825	EulerOS 2.0 SP3 : unbound (EulerOS-SA-2020-2058)	Nessus	Huawei Local Security Checks	medium
140341	EulerOS Virtualization for ARM 64 3.0.2.0 : unbound (EulerOS-SA-2020-1971)	Nessus	Huawei Local Security Checks	medium
140154	EulerOS 2.0 SP5 : unbound (EulerOS-SA-2020-1933)	Nessus	Huawei Local Security Checks	medium
140008	EulerOS Virtualization for ARM 64 3.0.6.0 : unbound (EulerOS-SA-2020-1905)	Nessus	Huawei Local Security Checks	medium
139160	EulerOS 2.0 SP8 : unbound (EulerOS-SA-2020-1830)	Nessus	Huawei Local Security Checks	medium
138770	NewStart CGSL MAIN 6.01 : unbound Multiple Vulnerabilities (NS-SA-2020-0037)	Nessus	NewStart CGSL Local Security Checks	medium
138719	openSUSE Security Update : unbound (openSUSE-2020-913)	Nessus	SuSE Local Security Checks	medium
138718	openSUSE Security Update : unbound (openSUSE-2020-912)	Nessus	SuSE Local Security Checks	medium
138313	SUSE SLES15 Security Update : unbound (SUSE-SU-2020:1819-1)	Nessus	SuSE Local Security Checks	medium
138302	SUSE SLED15 / SLES15 Security Update : unbound (SUSE-SU-2020:1772-1)	Nessus	SuSE Local Security Checks	medium
138233	F5 Networks BIG-IP : Unbound DNS Cache vulnerabilities (K37661551)	Nessus	F5 Networks Local Security Checks	medium
137770	Oracle Linux 6 : unbound (ELSA-2020-2640)	Nessus	Oracle Linux Local Security Checks	medium
137743	Scientific Linux Security Update : unbound on SL7.x x86_64 (20200622)	Nessus	Scientific Linux Local Security Checks	medium
137742	Scientific Linux Security Update : unbound on SL6.x i386/x86_64 (20200622)	Nessus	Scientific Linux Local Security Checks	medium
137706	RHEL 6 : unbound (RHSA-2020:2640)	Nessus	Red Hat Local Security Checks	medium
137329	Photon OS 2.0: Unbound PHSA-2020-2.0-0246	Nessus	PhotonOS Local Security Checks	medium
137294	Scientific Linux Security Update : unbound on SL7.x x86_64 (20200609)	Nessus	Scientific Linux Local Security Checks	medium
137289	Oracle Linux 8 : unbound (ELSA-2020-2416)	Nessus	Oracle Linux Local Security Checks	medium
137281	CentOS 7 : unbound (CESA-2020:2414)	Nessus	CentOS Local Security Checks	medium
137250	Oracle Linux 7 : unbound (ELSA-2020-2414)	Nessus	Oracle Linux Local Security Checks	medium
137239	RHEL 8 : unbound (RHSA-2020:2419)	Nessus	Red Hat Local Security Checks	medium
137238	RHEL 8 : unbound (RHSA-2020:2416)	Nessus	Red Hat Local Security Checks	medium
137236	RHEL 8 : unbound (RHSA-2020:2418)	Nessus	Red Hat Local Security Checks	medium
137204	RHEL 7 : unbound (RHSA-2020:2414)	Nessus	Red Hat Local Security Checks	medium
137111	Fedora 32 : unbound (2020-3cfd38fefd)	Nessus	Fedora Local Security Checks	medium
137096	Amazon Linux AMI : unbound (ALAS-2020-1373)	Nessus	Amazon Linux Local Security Checks	medium
136943	Ubuntu 18.04 LTS / 19.10 / 20.04 : Unbound vulnerabilities (USN-4374-1)	Nessus	Ubuntu Local Security Checks	medium
136937	Fedora 31 : unbound (2020-8e9b62948e)	Nessus	Fedora Local Security Checks	medium
136933	Debian DSA-4694-1 : unbound - security update	Nessus	Debian Local Security Checks	medium
136852	FreeBSD : unbound -- mutliple vulnerabilities (a2cb7c31-9c79-11ea-a9c2-d05099c0ae8c)	Nessus	FreeBSD Local Security Checks	medium
136753	Amazon Linux 2 : unbound (ALAS-2020-1430)	Nessus	Amazon Linux Local Security Checks	medium