CVE-2019-18934

Published: 19 November 2019

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.
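The three conditions in the description (affected version, built with `--enable-ipsecmod`, module enabled and used in the configuration) can be checked together. The sketch below is an added example, not code from Ubuntu or the Unbound project. It assumes the operator supplies the version string, the build's configure line and the text of `unbound.conf`, and it reads "enabled and used" as `ipsecmod` being listed in `module-config` with `ipsecmod-enabled` not set to `no` (treated here as defaulting to `yes`).

```python
import re

# Affected range stated in the advisory: 1.6.4 through 1.9.4 (fixed in 1.9.5).
AFFECTED_MIN, AFFECTED_MAX = (1, 6, 4), (1, 9, 4)

def parse_version(text):
    """Turn '1.9.4' into (1, 9, 4); raise ValueError on anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())

def conf_options(conf_text):
    """Collect 'name: value' pairs from unbound.conf text, ignoring comments."""
    opts = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        name, sep, value = line.partition(":")
        if sep and value.strip():          # skips clause headers like 'server:'
            opts[name.strip()] = value.strip().strip('"')
    return opts

def exposure(version, configure_line, conf_text):
    """Return (exposed, failed_conditions) for the advisory's preconditions."""
    opts = conf_options(conf_text)
    flags = [tok.strip("'\"") for tok in configure_line.split()]
    checks = {
        "version in 1.6.4..1.9.4":
            AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX,
        "built with --enable-ipsecmod": "--enable-ipsecmod" in flags,
        "ipsecmod in module-config":
            "ipsecmod" in opts.get("module-config", "").split(),
        # Assumption: the option defaults to yes when it is not set.
        "ipsecmod-enabled not 'no'": opts.get("ipsecmod-enabled", "yes") != "no",
    }
    failed = [name for name, ok in checks.items() if not ok]
    return (not failed, failed)

# Constructed sample configuration (not taken from a real host).
SAMPLE_CONF = """
server:
    module-config: "ipsecmod validator iterator"
    ipsecmod-enabled: yes   # module is listed and switched on
"""

if __name__ == "__main__":
    print(exposure("1.9.4", "--prefix=/usr --enable-ipsecmod", SAMPLE_CONF))
    print(exposure("1.9.4", "--prefix=/usr", SAMPLE_CONF))
```

A host is exposed only when the returned list of failed conditions is empty; any single failed condition, such as a build without `--enable-ipsecmod`, means the vulnerable code path is not reachable.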

Priority

High

CVSS 3 base score: 7.3

Status

Package: unbound

Release status:
Upstream: Released (1.9.5)
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable (code not compiled)
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (code not compiled)
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (code not compiled)
Binaries built from this source package are in Universe and so are supported by the community.

Notes

AuthorNote
mdeslaur: only vulnerable if compiled with --enable-ipsecmod, which is not the case on Ubuntu
