U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

ISC fixed high-severity flaws in DNS software suite BIND

The latest BIND updates patch multiple remotely exploitable vulnerabilities that could lead to denial-of-service (DoS). BIND is a suite of software for interacting with the Domain Name System (DNS) maintained by the Internet Systems Consortium (ISC). The ISC released security patches to address multiple high-severity denial-of-service DoS vulnerabilities in the DNS software suite. Threat actors can exploit […]

Agentic AI Artificial Intelligence incident response Bind

The latest BIND updates patch multiple remotely exploitable vulnerabilities that could lead to denial-of-service (DoS).

BIND is a suite of software for interacting with the Domain Name System (DNS) maintained by the Internet Systems Consortium (ISC).

The ISC released security patches to address multiple high-severity denial-of-service DoS vulnerabilities in the DNS software suite.

Threat actors can exploit the issue to remotely cause the BIND daemon named to crash or saturate the available memory.

Below are the descriptions of some vulnerabilities addressed by ISC:

CVE-2022-3094 (CVSS score 7.5): Sending a flood of dynamic DNS updates may cause the ‘named‘ daemon to allocate large amounts of memory. Then ‘named’ may exit due to a lack of free memory.

“Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection.” reads the advisory published by ISC. “The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes.”

The issue impacts BIND 9.11 and earlier branches, however, it doesn’t cause the exhaustion of internal resources but only impacts performance.

CVE-2022-3736 (CVSS score 7.5): An attacker can trigger the issue by sending specific queries to the resolver causing the named daemon crash.

“BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. Impact: By sending specific queries to the resolver, an attacker can cause named to crash.” reads the advisory.

“By sending specific queries to the resolver, an attacker can cause named to crash.”

CVE-2022-3924 (CVSS score 7.5): named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota

The issue affects the implementation of the stale-answer-client-timeout option, when the resolver receives too many queries that require recursion.

“If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM recursive-clients limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure.” reads the advisory. “By sending specific queries to the resolver, an attacker can cause named to crash.”

ISC is not aware of any attacks in the wild exploiting this issue.

ISC addressed the above issues with the release of BIND versions 9.16.37, 9.18.11, and 9.19.9.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ISC)

[adrotate banner=”5″]

[adrotate banner=”13″]