ClickCease Multiple BIND Vulnerabilities Addressed in Ubuntu

Content Table

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Multiple BIND Vulnerabilities Addressed in Ubuntu

Rohan Timalsina

March 21, 2024 - TuxCare expert team

BIND, also known as Berkeley Internet Name Domain, is a widely used DNS server software that translates domain names into numerical IP addresses and vice versa. BIND servers are deployed across the internet by organizations, internet service providers (ISPs), and network administrators to manage DNS records and facilitate efficient communication on the web. Recently, a series of vulnerabilities have been unearthed within BIND 9, the latest version, raising concerns about potential exploits and the need for prompt action to safeguard against them.

In response to these findings, the Ubuntu security team has released crucial security updates across multiple Ubuntu releases, including 22.04 LTS, 20.04 LTS, and 23.10, aiming to mitigate the risks posed by these vulnerabilities.

 

Overview of BIND Vulnerabilities

 

The vulnerabilities identified in bind9 encompass a range of issues, each with its own potential implications for system security.

 

Large DNS Message Parsing (CVE-2023-4408)

Discovered by Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt, this vulnerability revolves around the mishandling of parsing large DNS messages. Exploiting this flaw could lead to resource consumption, thereby triggering a denial of service.

 

DNSSEC Message Validation (CVE-2023-50387)

Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner uncovered a vulnerability in BIND 9’s handling of DNSSEC messages. By exploiting this flaw, attackers could induce resource exhaustion, resulting in a denial of service scenario.

 

NSEC3 Closest Encloser Proof (CVE-2023-50868)

This vulnerability pertains to the incorrect handling of NSEC3 closest encloser proof preparation. Attackers could leverage this weakness to exhaust resources, ultimately leading to a denial of service.

 

Reverse Zone Queries with nxdomain-redirect Enabled (CVE-2023-5517)

BIND9’s mishandling of reverse zone queries under specific conditions, such as when nxdomain-redirect is enabled, can be exploited by remote attackers to crash the server, thereby facilitating a denial of service attack.

 

Specific Recursive Query Patterns (CVE-2023-6516)

A vulnerability lies in BIND 9’s handling of certain recursive query patterns. Attackers could exploit this flaw to trigger memory consumption, subsequently causing a denial of service.

All vulnerabilities have a CVSS v3 score of 7.5 (High) except CVE-2023-50868, as its score is still pending.

 

Mitigation Strategies

 

To address BIND vulnerabilities, updates have been rolled out, bringing the software version of bind9 to 9.6.48. These updates not only patch the security issues but also include bug fixes, introduce new features, and may bring some incompatible changes. It’s imperative for administrators and users of bind9 to promptly apply these updates to their systems to mitigate the risks posed by potential exploits. The Debian security updates were also released to fix these vulnerabilities.

 

Source: USN-6642-1, USN-6633-1

Summary
Multiple BIND Vulnerabilities Addressed in Ubuntu
Article Name
Multiple BIND Vulnerabilities Addressed in Ubuntu
Description
Protect your DNS server from potential threats with crucial updates addressing BIND vulnerabilities. Apply them and secure your system today.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started

Mail

Join

4,500

Linux & Open Source
Professionals!

Subscribe to
our newsletter