Unbound < 1.5.1 Delegation Handling Recursive Referral Handling Resource Exhaustion DoS
medium Nessus Plugin ID 87870
Language:
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote name server is affected by a denial of service vulnerability.Description
According to its self-reported version number, the remote Unbound DNS resolver is affected by a denial of service vulnerability in the Domain Name Service due to improper handling of a maliciously-constructed zone or queries from a rogue server. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause the service to issue unlimited queries in an attempt to follow a delegation, resulting in a denial of service condition.Solution
Upgrade to Unbound version 1.5.1 or later. Alternatively, apply the patch provided by the vendor.See Also
https://nlnetlabs.nl/downloads/unbound/CVE-2014-8602.txt
https://nlnetlabs.nl/downloads/unbound/patch_cve_2014_8602.diff
Plugin Details
Severity: Medium
ID: 87870
File Name: unbound_1_5_1.nasl
Version: 1.4
Type: remote
Family: DNS
Published: 1/12/2016
Updated: 11/15/2018
Dependencies: unbound_version.nasl
Configuration: Enable paranoid mode
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Temporal Vector: E:U/RL:OF/RC:C
Vulnerability Information
CPE: cpe:/a:unbound:unbound
Required KB Items: Settings/ParanoidReport, unbound/version
Exploit Ease: No known exploits are available
Patch Publication Date: 12/8/2011
Vulnerability Publication Date: 12/8/2014
Reference Information
CVE: CVE-2014-8602
BID: 71589
CERT: 264212