vulnerability

Oracle Linux: CVE-2023-50868: ELSA-2024-1335: dnsmasq security update (IMPORTANT) (Multiple Advisories)

Try Surface Command
Back to search
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
2024-02-13
Added
2024-02-28
Modified
2025-02-04

Description

The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host.
This vulnerability applies only for systems where DNSSEC validation is enabled.

Solution(s)

oracle-linux-upgrade-bindoracle-linux-upgrade-bind9-16oracle-linux-upgrade-bind9-16-chrootoracle-linux-upgrade-bind9-16-develoracle-linux-upgrade-bind9-16-dnssec-utilsoracle-linux-upgrade-bind9-16-docoracle-linux-upgrade-bind9-16-libsoracle-linux-upgrade-bind9-16-licenseoracle-linux-upgrade-bind9-16-utilsoracle-linux-upgrade-bind-chrootoracle-linux-upgrade-bind-develoracle-linux-upgrade-bind-dnssec-docoracle-linux-upgrade-bind-dnssec-utilsoracle-linux-upgrade-bind-docoracle-linux-upgrade-bind-dyndb-ldaporacle-linux-upgrade-bind-export-develoracle-linux-upgrade-bind-export-libsoracle-linux-upgrade-bind-libsoracle-linux-upgrade-bind-libs-liteoracle-linux-upgrade-bind-licenseoracle-linux-upgrade-bind-lite-develoracle-linux-upgrade-bind-pkcs11oracle-linux-upgrade-bind-pkcs11-develoracle-linux-upgrade-bind-pkcs11-libsoracle-linux-upgrade-bind-pkcs11-utilsoracle-linux-upgrade-bind-sdboracle-linux-upgrade-bind-sdb-chrootoracle-linux-upgrade-bind-utilsoracle-linux-upgrade-dhclientoracle-linux-upgrade-dhcporacle-linux-upgrade-dhcp-clientoracle-linux-upgrade-dhcp-commonoracle-linux-upgrade-dhcp-develoracle-linux-upgrade-dhcp-libsoracle-linux-upgrade-dhcp-relayoracle-linux-upgrade-dhcp-serveroracle-linux-upgrade-dnsmasqoracle-linux-upgrade-dnsmasq-utilsoracle-linux-upgrade-python3-bindoracle-linux-upgrade-python3-bind9-16oracle-linux-upgrade-python3-unboundoracle-linux-upgrade-unboundoracle-linux-upgrade-unbound-develoracle-linux-upgrade-unbound-libsoracle-linux-upgrade-unbound-python

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today