"BIND Updates Resolve High-Severity DoS Vulnerabilities"

The Internet Systems Consortium (ISC) recently announced BIND security updates that contain patches for several remotely exploitable denial-of-service (DoS) vulnerabilities in the DNS software suite. The ISC said that the updates resolve a total of four high-severity bugs, tracked as CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, and CVE-2024-4076, all of which have a CVSS score of 7.5. The first security defect would result in the server becoming unstable when receiving a flood of DNS messages over TCP. The second issue may result in BIND's database becoming slow when a very large number of DNS Resource Records (RRs) exist at the same name. The ISC noted that this would slow down the processing of queries by a factor of 100. The third vulnerability is a straightforward DoS flaw that could be exploited by sending a stream of SIG(0) signed requests that would exhaust resolver CPU resources, causing the BIND server to become unresponsive. The fourth bug is described as an "assertion failure when serving both stale cache data and authoritative zone content." The ISC noted that BIND versions 9.18.28 and 9.20.0 and BIND Supported Preview Edition version 9.18.28-S1 address all issues. The ISC says it is unaware of these vulnerabilities being exploited in the wild.

SecurityWeek reports: "BIND Updates Resolve High-Severity DoS Vulnerabilities"

Submitted by Adam Ekwall on