CVE-2020-28935 : What You Need to Know
Learn about CVE-2020-28935, a vulnerability in NLnet Labs Unbound and NSD versions up to Unbound 1.12.0 and NSD 4.3.3. Discover the impact, affected systems, exploitation mechanism, and mitigation steps.
CVE-2020-28935, also known as 'Local symlink attack in Unbound and NSD,' is a vulnerability that affects NLnet Labs Unbound and NSD versions up to and including Unbound 1.12.0 and NSD 4.3.3. This vulnerability allows for a local symlink attack, potentially leading to a Denial of Service on the system.
Understanding CVE-2020-28935
This CVE involves a local vulnerability in Unbound and NSD that could be exploited by an attacker with local access to the limited permission user Unbound/NSD runs as.
What is CVE-2020-28935?
When writing the PID file, Unbound and NSD create or open an existing file for writing. If the file is a symlink, an attacker could point it to a critical file on the system, leading to potential data loss or system disruption.
The Impact of CVE-2020-28935
This vulnerability could result in a Denial of Service on the system where Unbound or NSD is running, if exploited by an attacker with local access to the user Unbound/NSD runs as.
Technical Details of CVE-2020-28935
This section provides more in-depth technical information about the vulnerability.
Vulnerability Description
Unbound and NSD versions up to Unbound 1.12.0 and NSD 4.3.3 are susceptible to a local symlink attack during the PID file writing process.
Affected Systems and Versions
- Vendor: NLnet Labs
- Affected Products: Unbound, NSD
- Vulnerable Versions: Unbound <= 1.12.0, NSD <= 4.3.3
Exploitation Mechanism
- Attackers with local access to the user Unbound/NSD runs as can create a symlink pointing to a critical file on the system, potentially leading to a Denial of Service.
Mitigation and Prevention
Protecting systems from CVE-2020-28935 requires immediate actions and long-term security practices.
Immediate Steps to Take
- Update Unbound and NSD to patched versions to mitigate the vulnerability.
- Monitor system logs for any suspicious activities related to symlink creation.
Long-Term Security Practices
- Implement the principle of least privilege to limit access rights for users and processes.
- Regularly review and update file permissions to prevent unauthorized access.
Patching and Updates
- Apply security patches provided by NLnet Labs for Unbound and NSD to address the symlink vulnerability.