CVE-2020-28935Link Following in Unbound

CWE-59Link Following10 documents9 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 77.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Nlnetlabs NSDNlnetlabs UnboundNlnetlabs Name Server Daemon+3 more
Timeline
PublishedDec 7
Latest updateMay 24

Description

NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was w

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

NVDnlnetlabs/unbound< 1.13.0
Debiannlnetlabs/unbound< 1.13.0-1+3
CVEListV5nlnet_labs/unbound1.12.0
NVDnlnetlabs/name< 4.3.4
Debiannlnetlabs/nsd< 4.3.4-1+3

Also affects: Debian Linux 9.0

🔴Vulnerability Details

3
GHSA
GHSA-q92f-7cwj-w4w5: NLnet Labs Unbound, up to and including version 12022-05-24
OSV
CVE-2020-28935: NLnet Labs Unbound, up to and including version 12020-12-07
CVEList
Local symlink attack in Unbound and NSD2020-12-07

📋Vendor Advisories

4
Ubuntu
Unbound vulnerabilities2021-05-06
Microsoft
Local symlink attack in Unbound and NSD2020-12-08
Red Hat
unbound: symbolic link traversal when writing PID file2020-09-09
Debian
CVE-2020-28935: nsd - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up t...2020

💬Community

2
Bugzilla
CVE-2020-28935 unbound: symbolic link traversal when writing PID file2020-09-14
Bugzilla
CVE-2020-28935 unbound: symbolic link traversal when writing PID file [fedora-all]2020-09-14
CVE-2020-28935 — Link Following in Nlnetlabs Unbound | cvebase