Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…
EPSS 0.3%top 76%

Red Hat Security Advisory: unbound security update

0
High
Published: 04/10/2024 (04/10/2024, 10:04:09 UTC)
Source: GCVE Database
Vendor/Project: Red Hat Product Security
Product: Red Hat

Description

A vulnerability in the Unbound DNS resolver allows unprivileged local processes to modify its runtime configuration due to incorrect default permissions. This can enable alteration of forwarders, tracking of DNS queries, or disruption of DNS resolution. The issue arises from the default settings of the control interface and certificate usage. Red Hat has provided an update that introduces a new configuration file to restrict access and recommends verifying configurations with the 'unbound-control status' command. The vulnerability affects Red Hat Enterprise Linux 9 and related variants.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 06/25/2026, 22:52:38 UTC

Technical Analysis

CVE-2024-1488 describes a security flaw in Unbound where incorrect default permissions on the control interface allow any local process outside the unbound group to modify the running instance's configuration. Specifically, when 'control-use-cert' is set to 'no' combined with use of an IP address in 'control-interface', processes connecting to localhost on port 8953 can alter unbound's runtime settings. This can lead to manipulation of DNS forwarders, enabling query tracking or disruption of DNS resolution. Red Hat's advisory (RHSA-2024:1750) addresses this by adding a new configuration file '/etc/unbound/conf.d/remote-control.conf' with directives to restrict control access to a Unix socket and enforce certificate usage. Users are advised to update unbound and adjust configurations accordingly to mitigate the issue.

Potential Impact

An unprivileged local process can connect to the unbound control interface and modify its runtime configuration. This can allow attackers to change DNS forwarders, potentially enabling monitoring of DNS queries or causing DNS resolution failures. The impact is local privilege misuse leading to potential DNS manipulation and service disruption.

Mitigation Recommendations

Red Hat has released an updated version of unbound that includes a new configuration file '/etc/unbound/conf.d/remote-control.conf' which restricts control interface access to a Unix socket and enables certificate-based authentication. Users should update to this patched version. To verify vulnerability status, run 'unbound-control status | grep control'; output containing 'control(ssl)' or 'control(namedpipe)' indicates a non-vulnerable configuration. If vulnerable, add 'include: /etc/unbound/conf.d/remote-control.conf' to the end of '/etc/unbound/unbound.conf' or update custom remote-control.conf files with the new directives. Applying the update and configuration changes addresses the vulnerability.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Csaf Category
csaf_security_advisory
Csaf Version
2.0
Publisher
Red Hat Product Security
Advisory Id
RHSA-2024:1750
Cve Count
1
Additional Cves
[]
Cvss Version
null

Threat ID: 6a3da1fc4853345fc1835ccd

Added to database: 06/25/2026, 21:47:40 UTC

Last enriched: 06/25/2026, 22:52:38 UTC

Last updated: 07/02/2026, 20:51:13 UTC

Views: 4

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses