| VID |
19104 |
| Severity |
40 |
| Port |
53 |
| Protocol |
UDP |
| Class |
DNS |
| Detailed Description |
The version of ISC BIND installed on the remote host is prior to 9.18.24-S1. It is, therefore, affected by a vulnerability as referenced in the cve-2023-50387 advisory.
- Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the KeyTrap issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. (CVE-2023-50387)
* References:
https://kb.isc.org/v1/docs/cve-2023-50387
* Platforms Affected:
Internet Software Consortium, BIND version 9.18.11-S1 < 9.18.24-S1
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of BIND (9.18.24-S1 or later), available from the Internet Software Consortium (ISC) Web site at http://www.isc.org/downloads/BIND/ |
| Related URL |
CVE-2023-50387 (CVE) |
| Related URL |
103189 (SecurityFocus) |
| Related URL |
(ISS) |
|
