ISC Issues Security Updates to Address New BIND DNS Software Bugs

 

The Internet Systems Consortium (ISC) has issued updates to address multiple security flaws in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite, which could result in a denial-of-service (DoS) condition. 
According to its website, the open-source software is utilized by major financial institutions, national and international carriers, internet service providers (ISPs), retailers, manufacturers, educational institutions, and government entities. 
All four flaws are found in named, a BIND9 service that acts as an authoritative nameserver for a predefined set of DNS zones or as a recursive resolver for local network clients. The following are the bugs that have been rated 7.5 on the CVSS scoring system:
  • CVE-2022-3094 – An UPDATE message flood may cause named to exhaust all available memory
  • CVE-2022-3488 – BIND Supported Preview Edition named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries
  • CVE-2022-3736 – named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries
  • CVE-2022-3924 – named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota
Exploiting th

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
