Denial of Service : ISC BIND DoS Vulnerability (CVE-2023-4408)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.151726

Categoría: Denial of Service

Título: ISC BIND DoS Vulnerability (CVE-2023-4408) - Windows

Resumen: ISC BIND is prone to a denial of service (DoS) vulnerability.

Descripción: Summary:
ISC BIND is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
The DNS message parsing code in named includes a section whose
computational complexity is overly high. It does not cause problems for typical DNS traffic, but
crafted queries and responses may cause excessive CPU load on the affected named instance by
exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.

Vulnerability Impact:
By flooding the target server with queries exploiting this flaw
an attacker can significantly impair the server's performance, effectively denying legitimate
clients access to the DNS resolution service.

Affected Software/OS:
ISC BIND version 9.0.0 through 9.16.45, 9.18.0 through
9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1 and
9.18.11-S1 through 9.18.21-S1.

Solution:
Update to version 9.16.48, 9.18.24, 9.19.21, 9.16.48-S1,
9.18.24-S1 or later.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2023-4408
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/
CVE-2023-4408
https://kb.isc.org/docs/cve-2023-4408
http://www.openwall.com/lists/oss-security/2024/02/13/1

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.151726
Categoría:	Denial of Service
Título:	ISC BIND DoS Vulnerability (CVE-2023-4408) - Windows
Resumen:	ISC BIND is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: ISC BIND is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. Vulnerability Impact: By flooding the target server with queries exploiting this flaw an attacker can significantly impair the server's performance, effectively denying legitimate clients access to the DNS resolution service. Affected Software/OS: ISC BIND version 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1 and 9.18.11-S1 through 9.18.21-S1. Solution: Update to version 9.16.48, 9.18.24, 9.19.21, 9.16.48-S1, 9.18.24-S1 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-4408 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/ CVE-2023-4408 https://kb.isc.org/docs/cve-2023-4408 http://www.openwall.com/lists/oss-security/2024/02/13/1
Copyright	Copyright (C) 2024 Greenbone AG