The Internet Systems Consortium (ISC) has released security updates to address two remotely exploitable denial-of-service (DoS) vulnerabilities in the DNS software suite BIND.
Both bugs, ISC says, reside in named, the BIND daemon that acts both as an authoritative name server and as a recursive resolver, and may cause it to terminate unexpectedly.
The first of the flaws, tracked as CVE-2023-3341 (CVSS score of 7.5), is described as a stack exhaustion issue impacting the control channel message processing. The code calls certain functions recursively, which could lead to memory exhaustion.
“Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing named to terminate unexpectedly,” ISC notes in its advisory.
Because each message is fully parsed before its content is authenticated, a remote attacker with access to the control channel’s configured TCP port can exploit the vulnerability without a valid RNDC key.
According to ISC, “the attack only works in environments where the stack size available to each process/thread is small enough; the exact threshold depends on multiple factors and is therefore impossible to specify universally.”
The issue impacts BIND versions 9.2.0 to 9.16.43, 9.18.x, and 9.19.x, and was resolved in BIND versions 9.16.44, 9.18.19, and 9.19.17. BIND Supported Preview Edition versions 9.9.3-S1 to 9.16.43-S1 and 9.18.0-S1 to 9.18.18-S1 are also affected, with patches included in versions 9.16.44-S1 and 9.18.19-S1.
Tracked as CVE-2023-4236 (CVSS score of 7.5), the second flaw is described as an assertion failure in the networking code that handles DNS-over-TLS queries.
“When internal data structures are incorrectly reused under significant DNS-over-TLS query load”, named may crash unexpectedly, ISC explains.
DNS-over-HTTPS code in BIND uses a different TLS implementation and is not affected.
The flaw impacts BIND versions 9.18.0 to 9.18.18 and BIND Supported Preview Edition versions 9.18.11-S1 to 9.18.18-S1, and was addressed with the release of BIND version 9.18.19 and BIND Supported Preview Edition version 9.18.19-S1.
ISC says it is not aware of any of these vulnerabilities being exploited in malicious attacks.
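For triaging an inventory against the version ranges listed above, the following is an added example (not ISC's code or tooling) that maps a BIND version string to the CVEs whose ranges include it. It assumes that for 9.18.x and 9.19.x the last affected release is the one just before the fixed version named in the article; the function names and sample versions are constructed for illustration.

```python
import re

# Inclusive (first, last) affected ranges, taken from the article.
# Assumption: for 9.18.x and 9.19.x the upper bound is the release
# immediately before the fixed version the article names.
AFFECTED = {
    "CVE-2023-3341": {
        "open": [((9, 2, 0), (9, 16, 43)), ((9, 18, 0), (9, 18, 18)),
                 ((9, 19, 0), (9, 19, 16))],
        "preview": [((9, 9, 3), (9, 16, 43)), ((9, 18, 0), (9, 18, 18))],
    },
    "CVE-2023-4236": {
        "open": [((9, 18, 0), (9, 18, 18))],
        "preview": [((9, 18, 11), (9, 18, 18))],
    },
}

# Matches "9.18.18" or "9.18.18-S1" anywhere in the text, so a full
# `named -v` line can be passed as well as a bare version number.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(-S\d+)?")

def parse_version(text):
    """Return ((major, minor, patch), is_preview_edition)."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no BIND version found in {text!r}")
    return tuple(int(g) for g in m.groups()[:3]), m.group(4) is not None

def affected_cves(version_text):
    """List the CVEs from the article whose ranges include this version."""
    version, is_preview = parse_version(version_text)
    edition = "preview" if is_preview else "open"
    return [cve for cve, ranges in AFFECTED.items()
            if any(lo <= version <= hi for lo, hi in ranges[edition])]

if __name__ == "__main__":
    # Constructed sample inventory of version strings.
    for v in ["9.16.43", "9.16.44", "9.18.18", "9.18.19",
              "9.19.16", "9.18.10-S1", "9.18.18-S1", "BIND 9.11.37"]:
        hits = affected_cves(v)
        print(f"{v:14} {', '.join(hits) if hits else 'not in listed ranges'}")
```

Distribution packages may backport fixes without changing the upstream version number, so a match here is a prompt to check the vendor's advisory rather than proof of exposure.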