CVE: CVE-2014-8602 - CVE-Search

CVE Details for CVE: CVE-2014-8602

Summary

iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.

Timestamps
Last major update	28-11-2016 - 19:13
Published	11-12-2014 - 02:59
Last modified	28-11-2016 - 19:13

References

Vulnerable Configurations

cpe:2.3:a:nlnetlabs:unbound:-:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:-:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.0:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.0:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.1:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.1:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.2:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.2:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.3:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.3:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.4:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.4:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.5:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.5:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.6:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.6:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.7:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.7:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.8:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.8:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.9:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.9:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.10:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.10:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.11:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.11:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.2.1:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.2.1:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.3.0:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.3.0:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.3.1:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.3.1:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.3.1:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.3.1:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.3.1:rc2:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.3.1:rc2:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.0:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.0:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.4:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.4:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.4:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.4:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.5:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.5:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.5:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.5:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.6:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.6:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.6:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.6:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.7:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.7:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.7:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.7:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.8:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.8:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.8:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.8:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.9:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.9:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.9:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.9:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.11:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.11:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.11:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.11:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.11:rc2:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.11:rc2:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.11:rc3:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.11:rc3:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.13:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.13:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.13:p2:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.13:p2:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.13:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.13:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.13:rc2:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.13:rc2:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.14:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.14:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.14:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.14:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.15:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.15:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.15:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.15:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.16:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.16:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.17:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.17:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.18:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.18:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.18:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.18:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.18:rc2:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.18:rc2:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.19:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.19:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.19:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.19:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.20:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.20:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.20:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.20:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.21:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.21:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.21:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.21:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.22:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.22:-:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.22:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.4.22:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.5.0:rc1:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

CAPEC

Click the CAPEC title to display a description

CWE

CWE-399

CVSS

Base

4.3

Impact

2.9

Exploitability

8.6

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

CVSS3

None

VIA4 references

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

redhat via4

advisories

bugzilla

id	1180995
title	unbound is installing files under /etc/tmpfiles.d/

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment unbound is earlier than 0:1.4.20-26.el7
oval oval:com.redhat.rhsa:tst:20152455001
comment unbound is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20152455002

AND

comment unbound-devel is earlier than 0:1.4.20-26.el7
oval oval:com.redhat.rhsa:tst:20152455003
comment unbound-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20152455004

AND
comment unbound-libs is earlier than 0:1.4.20-26.el7
oval oval:com.redhat.rhsa:tst:20152455005
comment unbound-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20152455006

AND

comment unbound-python is earlier than 0:1.4.20-26.el7
oval oval:com.redhat.rhsa:tst:20152455007
comment unbound-python is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20152455008

rhsa

id	RHSA-2015:2455
released	2015-11-19
severity	Low
title	RHSA-2015:2455: unbound security and bug fix update (Low)

rpms

unbound-0:1.4.20-26.el7
unbound-debuginfo-0:1.4.20-26.el7
unbound-devel-0:1.4.20-26.el7
unbound-libs-0:1.4.20-26.el7
unbound-python-0:1.4.20-26.el7

refmap via4

bid	71589
cert-vn	VU#264212
confirm	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://unbound.net/downloads/CVE-2014-8602.txt
debian	DSA-3097
misc	http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html http://unbound.net/downloads/patch_cve_2014_8602.diff
ubuntu	USN-2484-1