CVE-2020-28935 (https://nvd.nist.gov/vuln/detail/CVE-2020-28935): A symbolic link traversal vulnerability was found in the way nsd and unbound writes its PID file while starting up. A local attacker with access to the nsd or unbound user could set up a link to another file, owned by root, and make unbound overwrite it during its next restart, destroying the original content.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a78fa865809db64d25774d96b36830cd0583c106 commit a78fa865809db64d25774d96b36830cd0583c106 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2020-12-08 07:32:40 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2020-12-08 07:32:48 +0000 net-dns/nsd: Security cleanup Bug: https://bugs.gentoo.org/758977 Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> net-dns/nsd/Manifest | 2 - net-dns/nsd/nsd-4.2.4.ebuild | 116 ------------------------------------------- net-dns/nsd/nsd-4.3.3.ebuild | 116 ------------------------------------------- 3 files changed, 234 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2657c97364679bbd7112226f81c19935f8190b9e commit 2657c97364679bbd7112226f81c19935f8190b9e Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2020-12-08 07:32:05 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2020-12-08 07:32:48 +0000 net-dns/nsd: v4.3.4: Security stabilization for amd64 and x86 Bug: https://bugs.gentoo.org/758977 Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> net-dns/nsd/nsd-4.3.4.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
GLSA opened.
This issue was resolved and addressed in GLSA 202101-38 at https://security.gentoo.org/glsa/202101-38 by GLSA coordinator Aaron Bauman (b-man).