
Test ID: 1.3.6.1.4.1.25623.1.0.149839
Category: Denial of Service
Title: ISC BIND DoS Vulnerability (CVE-2023-2828) - Windows
Summary: ISC BIND is prone to a denial of service (DoS) vulnerability.
Description:
Summary:
ISC BIND is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
Every named instance configured to run as a recursive resolver
maintains a cache database holding the responses to the queries it has recently sent to
authoritative servers. The size limit for that cache database can be configured using the
max-cache-size statement in the configuration file; it defaults to 90% of the total amount of
memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a
cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the
cache, to keep memory use below the configured limit.

It has been discovered that the effectiveness of the cache-cleaning algorithm used in named can
be severely diminished by querying the resolver for specific RRsets in a certain order,
effectively allowing the configured max-cache-size limit to be significantly exceeded.

Vulnerability Impact:
By exploiting this flaw, an attacker can cause the amount of
memory used by a named resolver to go well beyond the configured max-cache-size limit. The
effectiveness of the attack depends on a number of factors (e.g. query load, query patterns), but
since the default value of the max-cache-size statement is 90%, in the worst case the attacker
can exhaust all available memory on the host running named, leading to a denial-of-service
condition.

Affected Software/OS:
ISC BIND versions 9.11.0 through 9.16.41, 9.18.0 through
9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1 and 9.18.11-S1 through
9.18.15-S1.

Solution:
Update to version 9.16.42, 9.18.16, 9.19.14, 9.16.42-S1,
9.18.16-S1 or later.
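Added example (not part of the Greenbone test or of ISC's code): a POSIX shell function that classifies a BIND version string, such as the raw output of `named -v`, against the affected ranges from the Affected Software/OS section and the fixed releases from the Solution section above. The range boundaries are taken from those two sections; the function name, the exit-code convention, the suffix handling and the sample version strings are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify a BIND version against the ranges in this advisory.
# Exit status of bind_cve_2023_2828_affected:
#   0 = inside an affected range listed in the advisory
#   1 = outside every listed range (a fixed release, or a branch the advisory does not list)
#   2 = version string could not be parsed
# Only the range boundaries are taken from the advisory; the rest is an assumption of this example.

# Encode major.minor.patch as one integer so ranges can be compared with -ge/-le.
ver_num() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    for n in "$1" "$2" "$3"; do
        case "$n" in ''|*[!0-9]*) return 1 ;; esac
    done
    echo $(( $1 * 1000000 + $2 * 10000 + $3 ))
}

in_range() { [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]; }

bind_cve_2023_2828_affected() {
    ver=$1
    # Accept raw "named -v" output, e.g. "BIND 9.18.15-S1 (Extended Support Version) <id:...>"
    ver=${ver#"BIND "}
    ver=${ver%% *}
    sub=0
    case "$ver" in
        *-S1) sub=1; ver=${ver%-S1} ;;   # ISC Supported Preview (-S1) edition
    esac
    # Drop packaging suffixes such as "-1~deb12u1" or "+dfsg" before parsing the numbers.
    num=$(ver_num "${ver%%[-+]*}") || return 2
    if [ "$sub" -eq 1 ]; then
        # 9.11.3-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1
        in_range "$num" 9110003 9160041 || in_range "$num" 9180011 9180015
    else
        # 9.11.0 through 9.16.41, 9.18.0 through 9.18.15 and 9.19.0 through 9.19.13
        in_range "$num" 9110000 9160041 || in_range "$num" 9180000 9180015 || in_range "$num" 9190000 9190013
    fi
}

# Usage: sh bind-check.sh "$(named -v)"   (or pass a bare version such as 9.18.15)
if [ $# -gt 0 ]; then
    bind_cve_2023_2828_affected "$1"
    case $? in
        0) echo "AFFECTED: $1 falls in an advisory range; update to 9.16.42, 9.18.16, 9.19.14 or the matching -S1 release" ;;
        1) echo "not in an affected range: $1" ;;
        *) echo "cannot parse version: $1" >&2; exit 2 ;;
    esac
fi
```

Versions on branches the advisory does not list (for example 9.17.x) come back as "not in an affected range", which means unlisted, not proven safe. Distribution packages can also carry the fix under an older upstream version number, so for packaged BIND confirm against the distribution advisory (the Debian and Fedora references below) rather than trusting the version string alone.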

CVSS Score (v2):
7.8

CVSS Vector (v2):
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-references: Common Vulnerability Exposure (CVE) ID: CVE-2023-2828
Debian Security Information: DSA-5439
https://www.debian.org/security/2023/dsa-5439
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEFCEVCTYEMKTWA7V7EYPI5YQQ4JWDLI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/
https://kb.isc.org/docs/cve-2023-2828
https://lists.debian.org/debian-lts-announce/2023/07/msg00021.html
http://www.openwall.com/lists/oss-security/2023/06/21/6
Copyright: Copyright (C) 2023 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.