 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.149834 |
| Categoría: | Denial of Service |
| Título: | ISC BIND DoS Vulnerability (CVE-2023-2829) - Linux |
| Resumen: | ISC BIND is prone to a denial of service (DoS) vulnerability. |
| Descripción: | Summary: ISC BIND is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (synth-from-dnssec) enabled can be remotely terminated using a zone with a malformed NSEC record. Vulnerability Impact: By sending specific queries to the resolver, an attacker can cause named to terminate unexpectedly. Note that the BIND configuration option synth-from-dnssec is enabled by default in all versions of BIND 9.18 and 9.18-S and newer. In earlier versions of BIND that had this option available, it was disabled unless activated explicitly in named.conf. Affected Software/OS: ISC BIND versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1. Solution: Update to version 9.16.42-S1, 9.18.16-S1 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-2829 CVE-2023-2829 https://kb.isc.org/docs/cve-2023-2829 |
| Copyright | Copyright (C) 2023 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |