Bugzilla – Bug 1202031
VUL-0: CVE-2022-30699: unbound: Novel "ghost domain names" attack by updating almost expired delegation information
Last modified: 2024-08-01 07:26:40 UTC
Novel "ghost domain names" attack by updating almost expired delegation information Date: 2022-08-01 CVE: CVE-2022-30699 Credit: Xiang Li (Network and Information Security Lab, Tsinghua University) Affects: Unbound up to and including version 1.16.1 Not affected: Other versions Severity: Medium Impact: Remote attackers can trigger continued resolvability of revoked domain names Solution: Download patched version of Unbound, or apply the patch manually NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten. Unbound 1.16.2 contains a patch. If you cannot upgrade you can also apply the patch manually. To do this, apply the patch on the Unbound source directory with patch -p1 < patch_CVE-2022-30698_CVE-2022-30699.diff and then run make install to install Unbound. This is a shared patch with CVE-2022-30698 below
https://nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt https://nlnetlabs.nl/projects/unbound/security-advisories/
This is an autogenerated message for OBS integration: This bug (1202031) was mentioned in https://build.opensuse.org/request/show/992044 Factory / unbound
new maintainer
SUSE-SU-2024:1923-1: An update that solves five vulnerabilities and contains one feature can now be installed. Category: security (important) Bug References: 1202031, 1202033, 1203643, 1219823, 1219826 CVE References: CVE-2022-30698, CVE-2022-30699, CVE-2022-3204, CVE-2023-50387, CVE-2023-50868 Jira References: PED-8333 Maintenance Incident: [SUSE:Maintenance:34099](https://smelt.suse.de/incident/34099/) Sources used: openSUSE Leap 15.6 (src): unbound-1.20.0-150600.23.3.1, libunbound-devel-mini-1.20.0-150600.23.3.1 Basesystem Module 15-SP6 (src): unbound-1.20.0-150600.23.3.1 SUSE Package Hub 15 15-SP6 (src): unbound-1.20.0-150600.23.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1991-1: An update that solves five vulnerabilities and contains one feature can now be installed. Category: security (important) Bug References: 1202031, 1202033, 1203643, 1219823, 1219826 CVE References: CVE-2022-30698, CVE-2022-30699, CVE-2022-3204, CVE-2023-50387, CVE-2023-50868 Jira References: PED-8333 Maintenance Incident: [SUSE:Maintenance:34098](https://smelt.suse.de/incident/34098/) Sources used: SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): unbound-1.20.0-150100.10.13.1 SUSE Manager Proxy 4.3 (src): unbound-1.20.0-150100.10.13.1 SUSE Manager Retail Branch Server 4.3 (src): unbound-1.20.0-150100.10.13.1 SUSE Manager Server 4.3 (src): unbound-1.20.0-150100.10.13.1 SUSE Enterprise Storage 7.1 (src): unbound-1.20.0-150100.10.13.1 openSUSE Leap 15.5 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise Micro 5.5 (src): unbound-1.20.0-150100.10.13.1 Basesystem Module 15-SP5 (src): unbound-1.20.0-150100.10.13.1 SUSE Package Hub 15 15-SP5 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): unbound-1.20.0-150100.10.13.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
All done, closing.
SUSE-SU-2024:1991-2: An update that solves five vulnerabilities and contains one feature can now be installed. URL: https://www.suse.com/support/update/announcement/2024/suse-su-20241991-2 Category: security (important) Bug References: 1202031, 1202033, 1203643, 1219823, 1219826 CVE References: CVE-2022-30698, CVE-2022-30699, CVE-2022-3204, CVE-2023-50387, CVE-2023-50868 Jira References: PED-8333 Maintenance Incident: [SUSE:Maintenance:34098](https://smelt.suse.de/incident/34098/) Sources used: SUSE Linux Enterprise Micro 5.5 (src): unbound-1.20.0-150100.10.13.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.