ISC Releases Security Patches for New BIND DNS Software Vulnerabilities

Jan 28, 2023 by iHash Leave a Comment

Jan 28, 2023Ravie LakshmananServer Security / DNS

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition.

“A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory released Friday.

The open source software is used by major financial firms, national and international carriers, internet service providers (ISPs), retailers, manufacturers, educational institutions, and government entities, according to its website.

All four flaws reside in named, a BIND9 service that functions as an authoritative nameserver for a fixed set of DNS zones or as a recursive resolver for clients on a local network.

The list of the bugs, which are rated 7.5 on the CVSS scoring system, is as follows –

CVE-2022-3094 – An UPDATE message flood may cause named to exhaust all available memory
CVE-2022-3488 – BIND Supported Preview Edition named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries
CVE-2022-3736 – named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries
CVE-2022-3924 – named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota

Successful exploitation of the vulnerabilities could cause the named service to crash or exhaust available memory on a target server.

The issues affect versions 9.16.0 to 9.16.36, 9.18.0 to 9.18.10, 9.19.0 to 9.19.8, and 9.16.8-S1 to 9.16.36-S1. CVE-2022-3488 also impacts BIND Supported Preview Edition versions 9.11.4-S1 to 9.11.37-S1. They have been resolved in versions 9.16.37, 9.18.11, 9.19.9, and 9.16.37-S1.

Although there is no evidence that any of these vulnerabilities are being actively exploited, users are recommended to upgrade to the latest version as soon as possible to mitigate potential threats.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Source link

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Apple MacBook Air MJVE2LLA (2015) 13.3" 1.6GHz i5 8GB RAM 128GB SSD (Refurbished) for $451

Expires March 21, 2123 23:59 PST Buy now and get 43% off KEY FEATURES The Apple MacBook Air MJVE2LLA (2015) 13.3″ is a powerful and lightweight laptop that is perfect for people who are always on the go. The 13.3″ HD display provides crisp and clear images, so you can enjoy your favorite movies, TV […]

Leather AirTag Case – Camo for $29

Expires March 20, 2123 19:21 PST Buy now and get 14% off KEY FEATURES It’s all about tracking, not exposing. VogDUO AirTag Leather Case provides the best protection from privacy and damages for your personal belongings. For your best interests, we recommend the users keep the AirTag from exposure. Thus, we use Premium Italian Leather […]

Zero-click remote hacks for Samsung, Google, and Vivo smartphones

Smartphones, tablets, and even cars with Samsung Exynos microprocessors are at risk of remote hacking. Bug hunters at Google Project Zero say you just need the victim’s phone number. This is due to the presence of 18 vulnerabilities in the Exynos baseband radio processor, which is widely used in Google, Vivo, Samsung, and many other […]

30W Slim Wall Charger Black for $39

Expires March 20, 2123 19:26 PST Buy now and get 20% off Slim Wall Charger 3-port Model No.: SPC001 Charger Pro Frequent travelers love to move around with minimal effort, which is why it makes perfect sense to carry a USB charger that can power up multiple devices simultaneously. Even better yet, if this particular […]

Heard on the Street – 3/20/2023

Welcome to insideBIGDATA’s “Heard on the Street” round-up column! In this regular feature, we highlight thought-leadership commentaries from members of the big data ecosystem. Each edition covers the trends of the day with compelling perspectives that can provide important insights to give you a competitive advantage in the marketplace. We invite submissions with a focus […]

Evades Macro Security via OneNote Attachments

Mar 20, 2023Ravie LakshmananEndpoint Security / Email Security The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542, continues to […]

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.2.0

Pangu has updated its jailbreak utility for iOS 9.0 to 9.0.2 with a fix for the manage storage bug and the latest version of Cydia. Change log V1.2.0 (2015-10-27) 1. Bundle latest Cydia with new Patcyh which fixed failure to open url scheme in MobileSafari 2. Fixed the bug that “preferences -> Storage&iCloud Usage -> […]

Apple Blocks Pangu Jailbreak Exploits With Release of iOS 9.1

Apple has blocked exploits used by the Pangu Jailbreak with the release of iOS 9.1. Pangu was able to jailbreak iOS 9.0 to 9.0.2; however, in Apple’s document on the security content of iOS 9.1, PanguTeam is credited with discovering two vulnerabilities that have been patched.

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.1.0

Pangu has released an update to its jailbreak utility for iOS 9 that improves its reliability and success rate. Change log V1.1.0 (2015-10-21) 1. Improve the success rate and reliability of jailbreak program for 64bit devices 2. Optimize backup process and improve jailbreak speed, and fix an issue that leads to fail to […]

Activator 1.9.6 Released With Support for iOS 9, 3D Touch

Ryan Petrich has released Activator 1.9.6, an update to the centralized gesture, button, and shortcut manager, that brings support for iOS 9 and 3D Touch.

Apple MacBook Air MJVE2LLA (2015) 13.3" 1.6GHz i5 8GB RAM 128GB SSD (Refurbished) for $451

30W Slim Wall Charger White for $39

Leather AirTag Case – Camo for $29

Microsoft Office Home and Business for Mac 2021 Lifetime License (MJVE2LLA Bundle) for $451

Microsoft Office Home and Business for Mac 2021 Lifetime License (MQD42LLA Bundle) for $475

ISC Releases Security Patches for New BIND DNS Software Vulnerabilities

Apple MacBook Air MJVE2LLA (2015) 13.3" 1.6GHz i5 8GB RAM 128GB SSD (Refurbished) for $451

30W Slim Wall Charger White for $39

Leather AirTag Case – Camo for $29

Microsoft Office Home and Business for Mac 2021 Lifetime License (MJVE2LLA Bundle) for $451

Microsoft Office Home and Business for Mac 2021 Lifetime License (MQD42LLA Bundle) for $475

Share this:

Reader Interactions

Leave a Reply Cancel reply