Oval Definition: oval:org.opensuse.security:def:202028935
Revision Date: 2023-06-22
Version: 1
Title: CVE-2020-28935
Description:

NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. If the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If Unbound/NSD is then killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires the attacker to have access to the limited-permission user Unbound/NSD runs as and to point the symlink at a critical file on the system.
Family: unix
Class: vulnerability
Status:
Reference(s): Mitre CVE-2020-28935
SUSE CVE-2020-28935
openSUSE-SU-2020:2222-1
SUSE-SU-2022:0176-1
SUSE-SU-2022:0176-2
SUSE-SU-2022:0301-1
openSUSE-SU-2022:0176-1
Platform(s): openSUSE Leap 15.2
openSUSE Leap 15.3
openSUSE Tumbleweed
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15 SP1
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise Desktop 15 SP4
SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP4
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Module for Basesystem 15 SP1
SUSE Linux Enterprise Module for Basesystem 15 SP3
SUSE Linux Enterprise Module for Basesystem 15 SP4
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Real Time 15 SP2
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server 15 SP1-BCL
SUSE Linux Enterprise Server 15 SP1-LTSS
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server 15 SP2-BCL
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE Linux Enterprise Storage 6
SUSE Linux Enterprise Storage 7
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.0
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.0
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.0
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
SUSE Package Hub for SUSE Linux Enterprise 12
SUSE Package Hub for SUSE Linux Enterprise 15 SP1
SUSE Package Hub for SUSE Linux Enterprise 15 SP2
Product(s):
Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 15 SP1 is installed
  • AND nsd-4.1.27-bp151.3.3.1 is installed
  • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • libunbound8-1.13.2-1.2 is installed
  • OR nsd-4.3.7-1.2 is installed
  • OR python3-unbound-1.13.2-1.2 is installed
  • OR unbound-1.13.2-1.2 is installed
  • OR unbound-anchor-1.13.2-1.2 is installed
  • OR unbound-devel-1.13.2-1.2 is installed
  • OR unbound-munin-1.13.2-1.2 is installed
  • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 15 SP2 is installed
  • AND nsd-4.3.4-bp152.2.3.1 is installed
  • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 12 is installed
  • AND nsd-4.3.4-8.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Package Hub for SUSE Linux Enterprise 15 SP2 is installed
  • AND nsd-4.3.4-bp152.2.3.1 is installed
  • OR Package Information
  • SUSE Package Hub for SUSE Linux Enterprise 15 SP1 is installed
  • AND nsd-4.1.27-bp151.3.3.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP3 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP3 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed
  • OR SUSE Linux Enterprise Server 15 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
  • OR SUSE Linux Enterprise Storage 7.1 is installed
  • OR SUSE Manager Proxy 4.2 is installed
  • OR SUSE Manager Retail Branch Server 4.2 is installed
  • OR SUSE Manager Server 4.2 is installed
  • AND Package Information
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP1 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP1 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed
  • OR SUSE Linux Enterprise Server 15 SP1 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • OR SUSE Linux Enterprise Storage 6 is installed
  • OR SUSE Manager Proxy 4.0 is installed
  • OR SUSE Manager Retail Branch Server 4.0 is installed
  • OR SUSE Manager Server 4.0 is installed
  • AND unbound is affected
  • OR Package Information
  • SUSE Linux Enterprise Desktop 15 SP3 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP3 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed
  • OR SUSE Linux Enterprise Server 15 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
  • OR SUSE Linux Enterprise Storage 7.1 is installed
  • OR SUSE Manager Proxy 4.2 is installed
  • OR SUSE Manager Retail Branch Server 4.2 is installed
  • OR SUSE Manager Server 4.2 is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • nsd-4.3.4-lp152.2.3.1 is installed
  • AND nsd is signed with openSUSE key
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP1 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP1 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed
  • OR SUSE Linux Enterprise Server 15 SP1 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • OR SUSE Linux Enterprise Storage 6 is installed
  • OR SUSE Manager Proxy 4.0 is installed
  • OR SUSE Manager Retail Branch Server 4.0 is installed
  • OR SUSE Manager Server 4.0 is installed
  • AND unbound is affected
  • OR Package Information
  • SUSE Linux Enterprise Server 15 SP1-LTSS is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • OR Package Information
  • SUSE CaaS Platform 4.0 is installed
  • OR SUSE Linux Enterprise Server 15 SP1-BCL is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP1 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP1 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed
  • OR SUSE Linux Enterprise Server 15 SP1 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • OR SUSE Linux Enterprise Storage 6 is installed
  • OR SUSE Manager Proxy 4.0 is installed
  • OR SUSE Manager Retail Branch Server 4.0 is installed
  • OR SUSE Manager Server 4.0 is installed
  • AND unbound is affected
  • OR Package Information
  • SUSE Linux Enterprise Server 15 SP1-LTSS is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 15 SP1-BCL is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 15 SP2-LTSS is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Real Time 15 SP2 is installed
  • OR SUSE Linux Enterprise Server 15 SP2-BCL is installed
  • OR SUSE Manager Proxy 4.1 is installed
  • OR SUSE Manager Retail Branch Server 4.1 is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • OR Package Information
  • SUSE Manager Server 4.1 is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP3 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP3 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed
  • OR SUSE Linux Enterprise Server 15 SP2-LTSS is installed
  • OR SUSE Linux Enterprise Server 15 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
  • OR SUSE Linux Enterprise Storage 7.1 is installed
  • OR SUSE Manager Proxy 4.2 is installed
  • OR SUSE Manager Retail Branch Server 4.2 is installed
  • OR SUSE Manager Server 4.2 is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • OR Package Information
  • SUSE Enterprise Storage 7 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Real Time 15 SP2 is installed
  • OR SUSE Linux Enterprise Server 15 SP2-BCL is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • Definition Synopsis
  • openSUSE Leap 15.3 is installed
  • AND Package Information
  • libunbound2-1.6.8-10.6.1 is installed
  • AND libunbound2 is signed with openSUSE key
  • OR
  • unbound-1.6.8-10.6.1 is installed
  • AND unbound is signed with openSUSE key
  • OR
  • unbound-anchor-1.6.8-10.6.1 is installed
  • AND unbound-anchor is signed with openSUSE key
  • OR
  • unbound-devel-1.6.8-10.6.1 is installed
  • AND unbound-devel is signed with openSUSE key
  • OR
  • unbound-munin-1.6.8-10.6.1 is installed
  • AND unbound-munin is signed with openSUSE key
  • OR
  • unbound-python-1.6.8-10.6.1 is installed
  • AND unbound-python is signed with openSUSE key
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP4 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP4 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP4 is installed
  • OR SUSE Linux Enterprise Server 15 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
  • OR SUSE Manager Proxy 4.3 is installed
  • OR SUSE Manager Retail Branch Server 4.3 is installed
  • OR SUSE Manager Server 4.3 is installed
  • AND Package Information
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 15 SP2-LTSS is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Real Time 15 SP2 is installed
  • OR SUSE Linux Enterprise Server 15 SP2-BCL is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • AND
  • libunbound2-1.6.8-10.6.1 is installed
  • OR unbound-anchor-1.6.8-10.6.1 is installed
  • OR unbound-devel-1.6.8-10.6.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND Package Information
  • libunbound2-1.6.8-150100.10.8.1 is installed
  • OR unbound-anchor-1.6.8-150100.10.8.1 is installed
  • OR unbound-devel-1.6.8-150100.10.8.1 is installed