
Internet Systems Consortium (ISC) fixed three DoS flaws in BIND


The Internet Systems Consortium (ISC) addressed three denial-of-service (DoS) vulnerabilities in the DNS software suite BIND.

The Internet Systems Consortium (ISC) released security updates to address three denial-of-service (DoS) vulnerabilities in the DNS software suite BIND. The three issues, tracked as CVE-2023-2828, CVE-2023-2829 and CVE-2023-2911, are remotely exploitable.

ISC states that the three flaws, rated as high-severity issues, could be exploited to saturate the memory of the devices or to cause BIND’s daemon ‘named’ to crash.

The named instance configured to run as a recursive resolver uses a database to cache the responses to the queries it has recently sent to authoritative servers. Using

responsible for cleaning the memory cache to prevent it from reaching the maximum allowed value

“The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit.” reads the advisory for CVE-2023-2828 (CVSS Score: 7.5) published by ISC. “It has been discovered that the effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to be significantly exceeded.”

An attacker can exploit this vulnerability to cause the amount of memory used by a named resolver to exceed the configured max-cache-size limit, leading to a denial-of-service condition.

The second vulnerability, tracked as CVE-2023-2829, can be exploited to cause named to terminate unexpectedly when synth-from-dnssec is enabled.

The issue only affects instances running as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option enabled.

“By sending specific queries to the resolver, an attacker can cause named to terminate unexpectedly.” reads the advisory.

The last issue, tracked as CVE-2023-2911 (CVSS Score: 7.5), affects BIND 9 resolvers exceeding the recursive-clients quota if they are configured to return ‘stale’ cached answers with the ‘stale-answer-client-timeout 0;’ option.

An attacker can trigger the issue by sending specific queries to the resolver, causing named to terminate unexpectedly.

ISC addressed the three vulnerabilities with the release of BIND versions 9.16.42, 9.18.16, and 9.19.14, and BIND Supported Preview Edition versions 9.16.42-S1 and 9.18.16-S1.
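A defender-side triage of the details above, written as an added example (it is not ISC's or the article's code): it compares a `named -v` style banner against the fixed releases listed here and flags the two configuration options the article ties to the crash bugs. The function names, the sample banner and the sample configuration are constructed for illustration, and the check assumes that a release older than the fixed one in the same branch needs the update.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
# The -S1 preview editions share the same patch numbers (9.16.42-S1, 9.18.16-S1).
FIXED = {(9, 16): 42, (9, 18): 16, (9, 19): 14}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)")
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
# Options the article associates with CVE-2023-2829 and CVE-2023-2911.
# Only explicit statements are detected; compiled-in defaults are not evaluated.
RISKY = {
    "CVE-2023-2829": re.compile(r"\bsynth-from-dnssec\s+(yes|true|1)\s*;", re.I),
    "CVE-2023-2911": re.compile(r"\bstale-answer-client-timeout\s+0\s*;", re.I),
}


def patch_status(version_banner):
    """Return 'fixed', 'update' or 'unknown' for a `named -v` style banner."""
    m = VERSION_RE.search(version_banner)
    if not m:
        return "unknown"
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unknown"  # branch not covered by the article
    # Assumption: anything older than the fixed release in its branch needs it.
    return "fixed" if patch >= fixed_patch else "update"


def exposed_options(named_conf):
    """List CVEs whose triggering option is explicitly set in the config text."""
    text = COMMENT_RE.sub("", named_conf)  # ignore commented-out statements
    return sorted(cve for cve, rx in RISKY.items() if rx.search(text))


def triage(version_banner, named_conf):
    """Combine both checks; CVE-2023-2828 depends on the version alone."""
    status = patch_status(version_banner)
    # On a fixed build the options are no longer a reason to act.
    review = exposed_options(named_conf) if status != "fixed" else []
    return {"status": status, "review": review}


# Constructed sample input, not taken from a real host.
SAMPLE_BANNER = "BIND 9.18.12 (Extended Support Version)"
SAMPLE_CONF = """
options {
    max-cache-size 2g;
    // synth-from-dnssec yes;   (commented out, must be ignored)
    stale-answer-client-timeout 0;
};
"""
```

Distribution packages can backport fixes without changing the upstream version string, so an "update" result on a vendor build should be confirmed against the vendor's own advisory.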

The good news is that the organization is not aware of any attacks exploiting the above vulnerabilities.


Pierluigi Paganini

(SecurityAffairs – hacking, Internet Systems Consortium)