Security Affairs
Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

The ISC issued updates for 4 High severity DoS flaws in BIND

The Internet Systems Consortium (ISC) has issued security updates to address four high severity flaws in the DNS software BIND. The Internet Systems Consortium (ISC) has issued updates to solve four high severity flaws in the DNS software BIND. The flaw could be exploited by a remote attacker to cause a DoS condition. An attacker can […]

Agentic AI Artificial Intelligence incident response Bind

The Internet Systems Consortium (ISC) has issued security updates to address four high severity flaws in the DNS software BIND.

The Internet Systems Consortium (ISC) has issued updates to solve four high severity flaws in the DNS software BIND. The flaw could be exploited by a remote attacker to cause a DoS condition.

An attacker can exploit the vulnerabilities to cause the BIND name server process to encounter an assertion failure and stop executing. The Internet Systems Consortium confirmed that it is not aware of active exploits for the flaws.

BIND

Below the list of flaws provided by the ISC:

  • CVE-2016-9778: An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes.
  • CVE-2016-9147: Depending on the type of query and the EDNS options in the query they receive, DNSSEC-enabled authoritative servers are expected to include RRSIG and other RRsets in their responses to recursive servers. DNSSEC-validating servers will also make specific queries for DS and other RRsets. Whether DNSSEC-validating or not, an error in processing malformed query responses that contain DNSSEC-related RRsets that are inconsistent with other RRsets in the same query response can trigger an assertion failure. Although the combination of properties which triggers the assertion should not occur in normal traffic, it is potentially possible for the assertion to be triggered deliberately by an attacker sending a specially-constructed answer.
  • CVE-2016-9131: A malformed query response received by a recursive server in response to a query of RTYPE ANY could trigger an assertion failure while named is attempting to add the RRs in the query response to the cache. While the combination of properties which triggers the assertion should not occur in normal traffic, it is potentially possible for the assertion to be triggered deliberately by an attacker sending a specially-constructed answer having the required properties, after having engineered a scenario whereby an ANY query is sent to the recursive server for the target QNAME. A recursive server will itself only send a query of type ANY if it receives a client query of type ANY for a QNAME for which it has no RRsets at all in cache, otherwise it will respond to the client with the the RRsets that it has available.
  • CVE-2016-9444: An unusually-formed answer containing a DS resource record could trigger an assertion failure. While the combination of properties which triggers the assertion should not occur in normal traffic, it is potentially possible for the assertion to be triggered deliberately by an attacker sending a specially-constructed answer having the required properties.

The CVE-2016-9778 flaw affects only a subset of servers which are performing NXDOMAIN redirection using the “nxdomain-redirect” function.

The CVE-2016-9131, the  CVE-2016-9147, and the CVE-2016-9444 flaws occur during the processing of an answer packet received in response to a query.

“As a result, recursive servers are at the greatest risk; authoritative servers are at risk only to the extent that they perform a limited set of queries (for example, in order to do zone service” state the advisories for the flaws.

The BIND versions 9.9.9-P5, 9.10.4-P5, 9.11.0-P2 and 9.9.9-S7 address the above vulnerabilities.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – BIND, security)