9 野に咲く名無し@転載禁止 2024/07/26 (金) 01:06:22.144 ID:???-814790326812
CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software
https://thehackernews.com/2024/07/cisa-warns-of-exploitable.html
The list of four vulnerabilities is listed below -
CVE-2024-4076 (CVSS score: 7.5) - Due to a logic error, lookups that triggered serving stale data and required lookups in local authoritative zone data could have resulted in an assertion failure
CVE-2024-1975 (CVSS score: 7.5) - Validating DNS messages signed using the SIG(0) protocol could cause excessive CPU load, leading to a denial-of-service condition.
CVE-2024-1737 (CVSS score: 7.5) - It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing
CVE-2024-0760 (CVSS score: 7.5) - A malicious DNS client that sent many queries over TCP but never read the responses could cause a server to respond slowly or not at all for other clients