VID: 19102
Severity: 40
Port: 53
Protocol: UDP
Class: DNS
Detailed Description: The version of ISC BIND installed on the remote host is prior to 9.16.48-S1. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-50387 advisory.

- Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the KeyTrap issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. (CVE-2023-50387)

* References:
https://kb.isc.org/v1/docs/cve-2023-50387

* Platforms Affected:
Internet Software Consortium, BIND version 9.9.3-S1 < 9.16.48-S1
Any operating system Any version
Recommendation: Upgrade to the latest version of BIND (9.16.48-S1 or later), available from the Internet Software Consortium (ISC) Web site at http://www.isc.org/downloads/BIND/
Related URL: CVE-2023-50387 (CVE)
Related URL: 103189 (SecurityFocus)