Korean
<< Back
VID 19100
Severity 40
Port 53
Protocol UDP
Class DNS
Detailed Description The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2023-2828 advisory.

- Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to be significantly exceeded. By exploiting this flaw, an attacker can cause the amount of memory used by a named resolver to go well beyond the configured max-cache-size limit. The effectiveness of the attack depends on a number of factors (e.g. query load, query patterns), but since the default value of the max-cache-size statement is 90%, in the worst case the attacker can exhaust all available memory on the host running named, leading to a denial-of-service condition. (CVE-2023-2828)

* References:
https://kb.isc.org/v1/docs/cve-2023-2828

* Platforms Affected:
Internet Software Consortium, BIND version 9.19.0 < 9.19.14
Any operating system Any version
Recommendation Upgrade to the latest version of BIND (9.19.14 or later), available from the Internet Software Consortium (ISC) Web site at http://www.isc.org/downloads/BIND/
Related URL CVE-2023-2828 (CVE)
Related URL 103189 (SecurityFocus)
Related URL (ISS)