ArchLinux: 202005-14: unbound: denial of service

    Date 01 Jun 2020
    Posted By LinuxSecurity Advisories
    The package unbound before version 1.10.1-1 is vulnerable to denial of service.
    Arch Linux Security Advisory ASA-202005-14
    Severity: High
    Date    : 2020-05-20
    CVE-ID  : CVE-2020-12662 CVE-2020-12663
    Package : unbound
    Type    : denial of service
    Remote  : Yes
    Link    :
    The package unbound before version 1.10.1-1 is vulnerable to denial of
    Upgrade to 1.10.1-1.
    # pacman -Syu "unbound>=1.10.1-1"
    The problems have been fixed upstream in version 1.10.1.
    - CVE-2020-12662 (denial of service)
    An issue has been found in unbound before 1.10.1, that makes it
    possible to have a single incoming query result in a large number of
    outgoing queries. This amplification makes it possible for Unbound to
    be used in a denial of service attack. The researchers discovering this
    called this attack the NXNSattack. This attack makes use of cache
    bypassing using random subdomains in the NSDNAME in NS records. When
    these delegation records are received during iteration, and the answer
    does not contain glue records, a resolver has to send out a query to
    get the IP address for one of the names. When this query fails (for
    example because the random name does not exist) a resolver will try the
    next one. A large set of NS records with random names can result in a
    large number of outgoing queries going to the same target.
    - CVE-2020-12663 (denial of service)
    A security issue has been found in Unbound before, in the
    parser of received answers. Malformed answers received from upstream
    servers can result in Unbound entering an infinite loop and thereby
    becoming unresponsive.
    A remote attacker can use the recursor as an amplification vector to
    cause a denial of service via a crafted reply. In addition, a remote
    attacker can crash the application via a crafted request.
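
The query pattern described under CVE-2020-12662 (many failed address lookups for distinct names under one zone in a short time) can be looked for in a resolver's outgoing-query log. The following is an added example, not code from the advisory or from the Unbound project; the log format, the names, and the window and threshold values are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of a resolver's outgoing queries: "epoch qname qtype rcode".
# The log format and all names are hypothetical, not Unbound's own output.
SAMPLE = [
    "1590000000 www.example.org. A NOERROR",
    "1590000001 typo.example.org. A NXDOMAIN",
    "1590000300 old.example.org. A NXDOMAIN",
] + [
    # 40 glueless NS target lookups under one zone within two seconds
    f"{1590000010 + i // 20} r{i:02d}.victim.example. A NXDOMAIN"
    for i in range(40)
]


def parent_zone(qname):
    """Drop the leftmost label: 'r01.victim.example.' -> 'victim.example.'"""
    return qname.partition(".")[2] or "."


def find_nx_bursts(lines, window=5, threshold=20):
    """Map zone -> peak count of distinct NXDOMAIN names seen inside
    `window` seconds, for zones whose peak reaches `threshold`."""
    events = defaultdict(list)  # zone -> [(timestamp, qname)]
    for line in lines:
        ts, qname, qtype, rcode = line.split()
        if rcode == "NXDOMAIN" and qtype in ("A", "AAAA"):
            events[parent_zone(qname.lower())].append((int(ts), qname.lower()))
    flagged = {}
    for zone, evs in events.items():
        evs.sort()
        start = peak = 0
        for end, (ts, _) in enumerate(evs):
            while ts - evs[start][0] > window:  # slide the window forward
                start += 1
            peak = max(peak, len({q for _, q in evs[start:end + 1]}))
        if peak >= threshold:
            flagged[zone] = peak
    return flagged


if __name__ == "__main__":
    for zone, peak in find_nx_bursts(SAMPLE).items():
        print(f"possible NXNS-style burst: {peak} failed lookups under {zone}")
```

Isolated NXDOMAIN answers, such as the two under example.org. in the sample, stay below the threshold and are not reported.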
