CVE-2022-38177 – Memory leak in ECDSA DNSSEC verification code
https://notcve.org/view.php?id=CVE-2022-38177
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
A flaw was found in the Bind package. By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak, resulting in crashing the program.
• http://www.openwall.com/lists/oss-security/2022/09/21/3
• https://kb.isc.org/docs/cve-2022-38177
• https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5
• CWE-401: Missing Release of Memory after Effective Lifetime
CVE-2022-2795 – Processing large delegations may severely degrade resolver performance
https://notcve.org/view.php?id=CVE-2022-2795
By flooding the target resolver with queries exploiting this flaw, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
A flaw was found in bind. When flooding the target resolver with special queries, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
• http://www.openwall.com/lists/oss-security/2022/09/21/3
• https://kb.isc.org/docs/cve-2022-2795
• https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5S
• CWE-400: Uncontrolled Resource Consumption
CVE-2021-25220 – DNS forwarders - cache poisoning vulnerability
https://notcve.org/view.php?id=CVE-2021-25220
Affected versions: BIND 9.11.0 -> 9.11.36, 9.12.0 -> 9.16.26, 9.17.0 -> 9.18.0; BIND Supported Preview Editions 9.11.4-S1 -> 9.11.36-S1 and 9.16.8-S1 -> 9.16.26-S1. Versions of BIND 9 earlier than those shown, back to 9.1.0 and including Supported Preview Editions, are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records, leading to queries being made to the wrong servers, which might also result in false information being returned to clients.
A cache poisoning vulnerability was found in BIND when using forwarders. Bogus NS records supplied by the forwarders may be cached and used by named if it needs to recurse for any reason.
• https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
• https://kb.isc.org/v1/docs/cve-2021-25220
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SXT7247QTKNBQ67MNRGZD23ADXU6E5U
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VX3I2U3ICOIEI5Y7OYA6CHOLFMNH3YQ
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV
• https://lists.fedoraproject.org/archives/list/package-announc
• CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2021-25219 – Lame cache can be abused to severely degrade resolver performance
https://notcve.org/view.php?id=CVE-2021-25219
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.
A flaw was found in the way bind processes broken responses from authoritative servers. This caching mechanism could be abused by an attacker to significantly degrade resolver performance.
• https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
• https://kb.isc.org/v1/docs/cve-2021-25219
• https://lists.debian.org/debian-lts-announce/2021/11/msg00001.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EF4NAVRV4H3W4GA3LGGZYUKD3HSJBAVW
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGV7SA27CTYLGFJSPUM3V36ZWK7WWDI4
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTKC4E3HUOLYN5
• CWE-20: Improper Input Validation
CVE-2021-25216 – A second vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack
https://notcve.org/view.php?id=CVE-2021-25216
In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built:
For named binaries compiled for 64-bit platforms, this flaw can be used to trigger a buffer over-read, leading to a server crash.
For named binaries compiled for 32-bit platforms, this flaw can be used to trigger a server crash due to a buffer overflow and possibly also to achieve remote code execution.
• http://www.openwall.com/lists/oss-security/2021/04/29/1
• http://www.openwall.com/lists/oss-security/2021/04/29/2
• http://www.openwall.com/lists/oss-security/2021/04/29/3
• http://www.openwall.com/lists/oss-security/2021/04/29/4
• https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
• https://kb.isc.org/v1/docs/cve-2021-25215
• https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html
• https://security.netapp.com/advisory/ntap-20210521-0006
• http
• CWE-125: Out-of-bounds Read