Vulnerability-Lookup

WID-SEC-W-2023-1533

Vulnerability from csaf_certbund - Published: 2023-06-21 22:00 - Updated: 2024-08-13 22:00

Summary

Internet Systems Consortium BIND: Mehrere Schwachstellen ermöglichen Denial of Service

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: BIND (Berkeley Internet Name Domain) ist ein Open-Source-Softwarepaket, das einen Domain-Name-System-Server implementiert. Ubuntu Linux ist die Linux Distribution des Herstellers Canonical. Network Identity Operating System (NIOS) ist das Betriebssystem von Infoblox Netzwerkprodukten. Infoblox DDI ist ein Verwaltungsserver für Netzwerkadressen mit DNS und DHCP-Server.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Internet Systems Consortium BIND ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2023-2828

Es existiert eine Schwachstelle in Internet Systems Consortium BIND. Die Effektivität des in named verwendeten Cache-Cleaning-Algorithmus kann durch die Abfrage des Resolvers nach bestimmten RR-Sets in einer bestimmten Reihenfolge stark vermindert werden. Dadurch kann die konfigurierte Grenze für die maximale Cache-Größe deutlich überschritten werden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen.

Affected products

Known affected 15 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
IBM VIOS 3.1 IBM / VIOS	`cpe:/a:ibm:vios:3.1`	3.1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Ubuntu Linux Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Open Source CentOS Open Source	`cpe:/o:centos:centos:-`	—
Infoblox DDI bloxone Infoblox / DDI	`cpe:/a:infoblox:ddi:bloxone`	bloxone
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:vmware_vsphere`	—
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3

Last affected 2 products

Product	Identifier	Version	Remediation
Infoblox NIOS <=9.0.0 Infoblox / NIOS		<=9.0.0
Infoblox NIOS <=8.6.2 Infoblox / NIOS		<=8.6.2

CVE-2023-2829

Es existiert eine Schwachstelle in Internet Systems Consortium BIND. Eine benannte Instanz, die so konfiguriert ist, dass sie als DNSSEC-validierender rekursiver Resolver mit aktivierter Option "Aggressive Use of DNSSEC-Validated Cache" läuft, kann aus der Ferne mit einem fehlerhaften NSEC-record beendet werden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen.

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
IBM VIOS 3.1 IBM / VIOS	`cpe:/a:ibm:vios:3.1`	3.1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Open Source CentOS Open Source	`cpe:/o:centos:centos:-`	—
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:vmware_vsphere`	—
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3

CVE-2023-2911

Es existiert eine Schwachstelle in Internet Systems Consortium BIND. Eine Sequenz von serve-stale-bezogenen Lookups kann dazu führen, dass named eine Schleife bildet und aufgrund eines Stack-Überlaufs unerwartet beendet wird. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen.

Affected products

Known affected 14 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
IBM VIOS 3.1 IBM / VIOS	`cpe:/a:ibm:vios:3.1`	3.1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Ubuntu Linux Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Open Source CentOS Open Source	`cpe:/o:centos:centos:-`	—
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:vmware_vsphere`	—
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3

References

44 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://lists.suse.com/pipermail/sle-security-upd…	external
https://kb.isc.org/docs/cve-2023-2828	external
https://kb.isc.org/docs/cve-2023-2829	external
https://kb.isc.org/docs/cve-2023-2911	external
https://ubuntu.com/security/notices/USN-6183-1	external
https://support.infoblox.com/s/article/000009010	external
https://support.infoblox.com/s/article/000009014	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://lists.debian.org/debian-security-announce…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://security.netapp.com/advisory/ntap-2023070…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2023:4005	external
https://access.redhat.com/errata/RHSA-2023:4037	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2023:4102	external
https://access.redhat.com/errata/RHSA-2023:4099	external
https://access.redhat.com/errata/RHSA-2023:4101	external
https://access.redhat.com/errata/RHSA-2023:4100	external
https://access.redhat.com/errata/RHSA-2023:4152	external
https://access.redhat.com/errata/RHSA-2023:4153	external
https://access.redhat.com/errata/RHSA-2023:4154	external
https://ubuntu.com/security/notices/USN-6183-2	external
https://linux.oracle.com/errata/ELSA-2023-4100.html	external
https://alas.aws.amazon.com/AL2/ALAS-2023-2112.html	external
https://linux.oracle.com/errata/ELSA-2023-4102.html	external
https://alas.aws.amazon.com/ALAS-2023-1789.html	external
https://access.redhat.com/errata/RHSA-2023:4225	external
https://access.redhat.com/errata/RHSA-2023:4332	external
https://lists.centos.org/pipermail/centos-announc…	external
https://oss.oracle.com/pipermail/el-errata/2023-A…	external
https://oss.oracle.com/pipermail/el-errata/2023-A…	external
https://access.redhat.com/errata/RHSA-2023:4625	external
https://access.redhat.com/errata/RHSA-2023:4624	external
https://www.ibm.com/support/pages/node/7030969	external
https://www.ibm.com/support/pages/node/7148094	external
https://linux.oracle.com/errata/ELSA-2024-1781.html	external
https://linux.oracle.com/errata/ELSA-2024-5231.html	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "BIND (Berkeley Internet Name Domain) ist ein Open-Source-Softwarepaket, das einen Domain-Name-System-Server implementiert.\r\nUbuntu Linux ist die Linux Distribution des Herstellers Canonical.\r\nNetwork Identity Operating System (NIOS) ist das Betriebssystem von Infoblox Netzwerkprodukten.\r\nInfoblox DDI ist ein Verwaltungsserver f\u00fcr Netzwerkadressen mit DNS und DHCP-Server.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Internet Systems Consortium BIND ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1533 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1533.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1533 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1533"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:2954-1 vom 2024-02-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/018035.html"
      },
      {
        "category": "external",
        "summary": "ISC Security Advisory vom 2023-06-21",
        "url": "https://kb.isc.org/docs/cve-2023-2828"
      },
      {
        "category": "external",
        "summary": "ISC Security Advisory vom 2023-06-21",
        "url": "https://kb.isc.org/docs/cve-2023-2829"
      },
      {
        "category": "external",
        "summary": "ISC Security Advisory vom 2023-06-21",
        "url": "https://kb.isc.org/docs/cve-2023-2911"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice",
        "url": "https://ubuntu.com/security/notices/USN-6183-1"
      },
      {
        "category": "external",
        "summary": "Infoblox Advisory",
        "url": "https://support.infoblox.com/s/article/000009010"
      },
      {
        "category": "external",
        "summary": "Infoblox Advisory",
        "url": "https://support.infoblox.com/s/article/000009014"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-8E1DDB1FA2 vom 2023-06-23",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-8e1ddb1fa2"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-C0FF5A2F68 vom 2023-06-23",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-c0ff5a2f68"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-1D526D551C vom 2023-06-23",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-1d526d551c"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5439 vom 2023-06-25",
        "url": "https://lists.debian.org/debian-security-announce/2023/msg00131.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:2667-1 vom 2023-06-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-June/015348.html"
      },
      {
        "category": "external",
        "summary": "NetApp Security Advisory NTAP-20230703-0010 vom 2023-07-03",
        "url": "https://security.netapp.com/advisory/ntap-20230703-0010/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:2789-1 vom 2023-07-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015457.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:2793-1 vom 2023-07-07",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015459.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:2794-1 vom 2023-07-07",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015458.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4005 vom 2023-07-10",
        "url": "https://access.redhat.com/errata/RHSA-2023:4005"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4037 vom 2023-07-12",
        "url": "https://access.redhat.com/errata/RHSA-2023:4037"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:2836-1 vom 2023-07-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015499.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4102 vom 2023-07-18",
        "url": "https://access.redhat.com/errata/RHSA-2023:4102"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4099 vom 2023-07-18",
        "url": "https://access.redhat.com/errata/RHSA-2023:4099"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4101 vom 2023-07-18",
        "url": "https://access.redhat.com/errata/RHSA-2023:4101"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4100 vom 2023-07-18",
        "url": "https://access.redhat.com/errata/RHSA-2023:4100"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4152 vom 2023-07-18",
        "url": "https://access.redhat.com/errata/RHSA-2023:4152"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4153 vom 2023-07-18",
        "url": "https://access.redhat.com/errata/RHSA-2023:4153"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4154 vom 2023-07-18",
        "url": "https://access.redhat.com/errata/RHSA-2023:4154"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6183-2 vom 2023-07-18",
        "url": "https://ubuntu.com/security/notices/USN-6183-2"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-4100 vom 2023-07-20",
        "url": "https://linux.oracle.com/errata/ELSA-2023-4100.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-2112 vom 2023-07-20",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2112.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-4102 vom 2023-07-20",
        "url": "https://linux.oracle.com/errata/ELSA-2023-4102.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-1789 vom 2023-07-26",
        "url": "https://alas.aws.amazon.com/ALAS-2023-1789.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4225 vom 2023-07-27",
        "url": "https://access.redhat.com/errata/RHSA-2023:4225"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4332 vom 2023-07-31",
        "url": "https://access.redhat.com/errata/RHSA-2023:4332"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2023:4152 vom 2023-08-03",
        "url": "https://lists.centos.org/pipermail/centos-announce/2023-August/086414.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-4152 vom 2023-08-10",
        "url": "https://oss.oracle.com/pipermail/el-errata/2023-August/014400.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-4099 vom 2023-08-10",
        "url": "https://oss.oracle.com/pipermail/el-errata/2023-August/014283.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4625 vom 2023-08-11",
        "url": "https://access.redhat.com/errata/RHSA-2023:4625"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4624 vom 2023-08-11",
        "url": "https://access.redhat.com/errata/RHSA-2023:4624"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7030969 vom 2023-09-07",
        "url": "https://www.ibm.com/support/pages/node/7030969"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7148094 vom 2024-04-11",
        "url": "https://www.ibm.com/support/pages/node/7148094"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-1781 vom 2024-04-12",
        "url": "https://linux.oracle.com/errata/ELSA-2024-1781.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-5231 vom 2024-08-13",
        "url": "https://linux.oracle.com/errata/ELSA-2024-5231.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Internet Systems Consortium BIND: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2024-08-13T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:52:54.224+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1533",
      "initial_release_date": "2023-06-21T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-06-21T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-06-22T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2023-06-25T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2023-06-28T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-07-03T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von NetApp aufgenommen"
        },
        {
          "date": "2023-07-06T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-07-09T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-07-10T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-07-12T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-07-16T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-07-17T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-07-18T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-07-19T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2023-07-20T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Amazon und Oracle Linux aufgenommen"
        },
        {
          "date": "2023-07-25T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-07-26T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-07-31T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-08-03T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von CentOS aufgenommen"
        },
        {
          "date": "2023-08-10T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2023-08-13T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-09-07T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-02-27T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-04-11T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von IBM und Oracle Linux aufgenommen"
        },
        {
          "date": "2024-08-13T22:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "24"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.2",
                "product": {
                  "name": "IBM AIX 7.2",
                  "product_id": "434967",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:ibm:aix:7.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.3",
                "product": {
                  "name": "IBM AIX 7.3",
                  "product_id": "T029653",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:ibm:aix:7.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "AIX"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.5",
                "product": {
                  "name": "IBM QRadar SIEM 7.5",
                  "product_id": "T022954",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "QRadar SIEM"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.1",
                "product": {
                  "name": "IBM VIOS 3.1",
                  "product_id": "1039165",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:vios:3.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "VIOS"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bloxone",
                "product": {
                  "name": "Infoblox DDI bloxone",
                  "product_id": "T028257",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:infoblox:ddi:bloxone"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "DDI"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=9.0.0",
                "product": {
                  "name": "Infoblox NIOS \u003c=9.0.0",
                  "product_id": "T028255"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=8.6.2",
                "product": {
                  "name": "Infoblox NIOS \u003c=8.6.2",
                  "product_id": "T028256"
                }
              }
            ],
            "category": "product_name",
            "name": "NIOS"
          }
        ],
        "category": "vendor",
        "name": "Infoblox"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.16.42",
                "product": {
                  "name": "Internet Systems Consortium BIND \u003c9.16.42",
                  "product_id": "T028252"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.18.16",
                "product": {
                  "name": "Internet Systems Consortium BIND \u003c9.18.16",
                  "product_id": "T028253"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.19.14",
                "product": {
                  "name": "Internet Systems Consortium BIND \u003c9.19.14",
                  "product_id": "T028254"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.16.42-S1",
                "product": {
                  "name": "Internet Systems Consortium BIND \u003c9.16.42-S1",
                  "product_id": "T028265"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.18.16-S1",
                "product": {
                  "name": "Internet Systems Consortium BIND \u003c9.18.16-S1",
                  "product_id": "T028266"
                }
              }
            ],
            "category": "product_name",
            "name": "BIND"
          }
        ],
        "category": "vendor",
        "name": "Internet Systems Consortium"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "NetApp ActiveIQ Unified Manager",
            "product": {
              "name": "NetApp ActiveIQ Unified Manager",
              "product_id": "T026333",
              "product_identification_helper": {
                "cpe": "cpe:/a:netapp:active_iq_unified_manager:vmware_vsphere"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "NetApp"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source CentOS",
            "product": {
              "name": "Open Source CentOS",
              "product_id": "1727",
              "product_identification_helper": {
                "cpe": "cpe:/o:centos:centos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Ubuntu Linux",
                "product": {
                  "name": "Ubuntu Linux",
                  "product_id": "T000126",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:canonical:ubuntu_linux:-"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Ubuntu Linux",
                "product": {
                  "name": "Ubuntu Linux",
                  "product_id": "T016400",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:canonical:ubuntu_linux:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux"
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-2828",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Internet Systems Consortium BIND. Die Effektivit\u00e4t des in named verwendeten Cache-Cleaning-Algorithmus kann durch die Abfrage des Resolvers nach bestimmten RR-Sets in einer bestimmten Reihenfolge stark vermindert werden. Dadurch kann die konfigurierte Grenze f\u00fcr die maximale Cache-Gr\u00f6\u00dfe deutlich \u00fcberschritten werden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "434967",
          "1039165",
          "T004914",
          "T016400",
          "74185",
          "T022954",
          "2951",
          "T002207",
          "T000126",
          "398363",
          "1727",
          "T028257",
          "T026333",
          "T029653"
        ],
        "last_affected": [
          "T028255",
          "T028256"
        ]
      },
      "release_date": "2023-06-21T22:00:00.000+00:00",
      "title": "CVE-2023-2828"
    },
    {
      "cve": "CVE-2023-2829",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Internet Systems Consortium BIND. Eine benannte Instanz, die so konfiguriert ist, dass sie als DNSSEC-validierender rekursiver Resolver mit aktivierter Option \"Aggressive Use of DNSSEC-Validated Cache\" l\u00e4uft, kann aus der Ferne mit einem fehlerhaften NSEC-record beendet werden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "434967",
          "1039165",
          "T004914",
          "74185",
          "T022954",
          "2951",
          "T002207",
          "T000126",
          "398363",
          "1727",
          "T026333",
          "T029653"
        ]
      },
      "release_date": "2023-06-21T22:00:00.000+00:00",
      "title": "CVE-2023-2829"
    },
    {
      "cve": "CVE-2023-2911",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Internet Systems Consortium BIND. Eine Sequenz von serve-stale-bezogenen Lookups kann dazu f\u00fchren, dass named eine Schleife bildet und aufgrund eines Stack-\u00dcberlaufs unerwartet beendet wird. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "434967",
          "1039165",
          "T004914",
          "T016400",
          "74185",
          "T022954",
          "2951",
          "T002207",
          "T000126",
          "398363",
          "1727",
          "T026333",
          "T029653"
        ]
      },
      "release_date": "2023-06-21T22:00:00.000+00:00",
      "title": "CVE-2023-2911"
    }
  ]
}

CVE-2023-2828 (GCVE-0-2023-2828)

Vulnerability from cvelistv5 – Published: 2023-06-21 16:26 – Updated: 2025-02-13 16:48

Title

named's configured cache size limit can be significantly exceeded

Summary

Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Assigner

isc

References

7 references

URL	Tags
https://kb.isc.org/docs/cve-2023-2828	vendor-advisory
http://www.openwall.com/lists/oss-security/2023/06/21/6
https://lists.fedoraproject.org/archives/list/pac…
https://www.debian.org/security/2023/dsa-5439
https://lists.fedoraproject.org/archives/list/pac…
https://security.netapp.com/advisory/ntap-2023070…
https://lists.debian.org/debian-lts-announce/2023…

Impacted products

1 product

Vendor	Product	Version
ISC	BIND 9	Affected: 9.11.0 , ≤ 9.16.41 (custom) Affected: 9.18.0 , ≤ 9.18.15 (custom) Affected: 9.19.0 , ≤ 9.19.13 (custom) Affected: 9.11.3-S1 , ≤ 9.16.41-S1 (custom) Affected: 9.18.11-S1 , ≤ 9.18.15-S1 (custom)

Date Public ?

2023-06-21 00:00

Credits

ISC would like to thank Shoham Danino from Reichman University, Anat Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv University, and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:33:05.796Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CVE-2023-2828",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2023-2828"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/21/6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5439"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEFCEVCTYEMKTWA7V7EYPI5YQQ4JWDLI/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230703-0010/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2828",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-06T18:36:28.183787Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-06T18:36:35.647Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "9.16.41",
              "status": "affected",
              "version": "9.11.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.15",
              "status": "affected",
              "version": "9.18.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.19.13",
              "status": "affected",
              "version": "9.19.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.16.41-S1",
              "status": "affected",
              "version": "9.11.3-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.15-S1",
              "status": "affected",
              "version": "9.18.11-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Shoham Danino from Reichman University, Anat Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv University, and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2023-06-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit.\n\nIt has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "By exploiting this flaw, an attacker can cause the amount of memory used by a `named` resolver to go well beyond the configured `max-cache-size` limit. The effectiveness of the attack depends on a number of factors (e.g. query load, query patterns), but since the default value of the `max-cache-size` statement is `90%`, in the worst case the attacker can exhaust all available memory on the host running `named`, leading to a denial-of-service condition."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-19T11:06:10.654Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2023-2828",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2023-2828"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/06/21/6"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5439"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEFCEVCTYEMKTWA7V7EYPI5YQQ4JWDLI/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230703-0010/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00021.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.42, 9.18.16, 9.19.14, 9.16.42-S1, or 9.18.16-S1."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "named\u0027s configured cache size limit can be significantly exceeded",
      "workarounds": [
        {
          "lang": "en",
          "value": "No workarounds known."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2023-2828",
    "datePublished": "2023-06-21T16:26:07.096Z",
    "dateReserved": "2023-05-22T07:57:41.362Z",
    "dateUpdated": "2025-02-13T16:48:38.124Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2829 (GCVE-0-2023-2829)

Vulnerability from cvelistv5 – Published: 2023-06-21 16:26 – Updated: 2025-02-13 16:48

Title

Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled

Summary

A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Assigner

isc

References

2 references

URL	Tags
https://kb.isc.org/docs/cve-2023-2829	vendor-advisory
https://security.netapp.com/advisory/ntap-2023070…

Impacted products

1 product

Vendor	Product	Version
ISC	BIND 9	Affected: 9.16.8-S1 , ≤ 9.16.41-S1 (custom) Affected: 9.18.11-S1 , ≤ 9.18.15-S1 (custom)

Date Public ?

2023-06-21 00:00

Credits

ISC would like to thank Greg Kuechle from SaskTel for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:33:05.969Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CVE-2023-2829",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2023-2829"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230703-0010/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2829",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-06T18:34:26.527193Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-06T18:34:46.254Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "9.16.41-S1",
              "status": "affected",
              "version": "9.16.8-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.15-S1",
              "status": "affected",
              "version": "9.18.11-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Greg Kuechle from SaskTel for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2023-06-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record.\nThis issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "By sending specific queries to the resolver, an attacker can cause `named` to terminate unexpectedly.\n\nNote that the BIND configuration option `synth-from-dnssec` is enabled by default in all versions of BIND 9.18 and 9.18-S and newer. In earlier versions of BIND that had this option available, it was disabled unless activated explicitly in `named.conf`."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-03T15:06:24.821Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2023-2829",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2023-2829"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230703-0010/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.42-S1 or 9.18.16-S1."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled",
      "workarounds": [
        {
          "lang": "en",
          "value": "Setting `synth-from-dnssec` to `no` prevents the problem."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2023-2829",
    "datePublished": "2023-06-21T16:26:24.932Z",
    "dateReserved": "2023-05-22T07:57:43.061Z",
    "dateUpdated": "2025-02-13T16:48:38.687Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2911 (GCVE-0-2023-2911)

Vulnerability from cvelistv5 – Published: 2023-06-21 16:26 – Updated: 2025-02-13 16:49

Title

Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0

Summary

If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Assigner

isc

References

6 references

URL	Tags
https://kb.isc.org/docs/cve-2023-2911	vendor-advisory
http://www.openwall.com/lists/oss-security/2023/06/21/6
https://lists.fedoraproject.org/archives/list/pac…
https://www.debian.org/security/2023/dsa-5439
https://lists.fedoraproject.org/archives/list/pac…
https://security.netapp.com/advisory/ntap-2023070…

Impacted products

1 product

Vendor	Product	Version
ISC	BIND 9	Affected: 9.16.33 , ≤ 9.16.41 (custom) Affected: 9.18.7 , ≤ 9.18.15 (custom) Affected: 9.16.33-S1 , ≤ 9.16.41-S1 (custom) Affected: 9.18.11-S1 , ≤ 9.18.15-S1 (custom)

Date Public ?

2023-06-21 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:41:03.760Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CVE-2023-2911",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2023-2911"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/21/6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5439"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEFCEVCTYEMKTWA7V7EYPI5YQQ4JWDLI/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230703-0010/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2911",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-06T18:32:18.833805Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-06T18:32:26.092Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "9.16.41",
              "status": "affected",
              "version": "9.16.33",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.15",
              "status": "affected",
              "version": "9.18.7",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.16.41-S1",
              "status": "affected",
              "version": "9.16.33-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.15-S1",
              "status": "affected",
              "version": "9.18.11-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow.\nThis issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "This flaw was discovered in internal testing. We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "By sending specific queries to the resolver, an attacker can cause `named` to terminate unexpectedly."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-03T15:06:21.382Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2023-2911",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2023-2911"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/06/21/6"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5439"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEFCEVCTYEMKTWA7V7EYPI5YQQ4JWDLI/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230703-0010/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.42, 9.18.16, 9.16.42-S1, or 9.18.16-S1."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0",
      "workarounds": [
        {
          "lang": "en",
          "value": "Setting `stale-answer-client-timeout` to `off` or to a non-zero value prevents the issue.\n\nUsers of versions 9.18.10, 9.16.36, 9.16.36-S1 or older who are unable to upgrade should set `stale-answer-client-timeout` to `off`; using a non-zero value with these older versions leaves `named` vulnerable to CVE-2022-3924.\n\nAlthough it is possible to set the `recursive-clients` limit to a high number to reduce the likelihood of this scenario, this is not recommended; the limit on `recursive-clients` is important for preventing exhaustion of server resources. The limit cannot be disabled entirely."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2023-2911",
    "datePublished": "2023-06-21T16:26:36.587Z",
    "dateReserved": "2023-05-26T11:20:45.872Z",
    "dateUpdated": "2025-02-13T16:49:00.351Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2023-1533

CVE-2023-2828 (GCVE-0-2023-2828)

CVE-2023-2829 (GCVE-0-2023-2829)

CVE-2023-2911 (GCVE-0-2023-2911)

Tags

Sightings

Nomenclature