Описание
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.
A flaw was found in BIND due to a reachable assertion triggered if a TLS connection to a configured HTTP TLS listener with a defined endpoint is destroyed too early. This flaw allows a remote attacker to trigger a denial of service condition on the targeted system.
Отчет
This flaw only affects BIND 9.18.0 -> 9.18.2 and BIND 9.19.0, whereas Red Hat ships BIND-9.16 and lower versions. Therefore, versions of BIND shipped with Red Hat Products are not affected by this flaw. For RHEL-9, DHCP uses BIND 9 libraries (bind-9.11.x) for some services. Hence, DHCP shipped with RHEL-9 is also not affected.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | bind | Not affected | ||
| Red Hat Enterprise Linux 7 | bind | Not affected | ||
| Red Hat Enterprise Linux 8 | bind | Not affected | ||
| Red Hat Enterprise Linux 8 | bind9.16 | Not affected | ||
| Red Hat Enterprise Linux 9 | bind | Not affected | ||
| Red Hat Enterprise Linux 9 | dhcp | Not affected |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.
On vulnerable configurations, the named daemon may, in some circumstan ...
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.
Уязвимость демона named DNS-сервера BIND, позволяющая нарушителю вызвать отказ в обслуживании
7.5 High
CVSS3