Vulnerability Management, Threat Management

Novel BIND9 DNS software bugs addressed


The Hacker News reports that the Internet Systems Consortium has fixed four security flaws in the Berkeley Internet Name Domain 9 (BIND9) Domain Name System software suite that could be exploited to cause a denial-of-service condition. Threat actors could leverage the vulnerabilities, tracked as CVE-2022-3094, CVE-2022-3488, CVE-2022-3736, and CVE-2022-3924, to either crash the named service or exhaust available memory on the targeted server. "A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures," said the Cybersecurity and Infrastructure Security Agency in an advisory.

BIND9 DNS versions 9.16.0 to 9.16.36, 9.18.0 to 9.18.10, 9.19.0 to 9.19.8, and 9.16.8-S1 to 9.16.36-S1 are impacted by all the vulnerabilities, while BIND Supported Preview Edition versions 9.11.4-S1 to 9.11.37-S1 are vulnerable to exploitation of CVE-2022-3488. No active exploitation has been recorded, but immediate upgrades to versions 9.16.37, 9.18.11, 9.19.9, and 9.16.37-S1 have been urged to prevent potential threats.
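For triaging an inventory of resolvers against the ranges above, here is an added Python check; it is not code from ISC, CISA, or the article. It maps a version string or a `named -v` banner to the CVEs and fixed release listed in this article. The function names `parse_version` and `assess` are hypothetical, and the sample banners are constructed.

```python
import re

ALL_CVES = ["CVE-2022-3094", "CVE-2022-3488", "CVE-2022-3736", "CVE-2022-3924"]

# (is_preview_edition, first_affected, last_affected, cves, fixed_release)
# Ranges and fixed releases are the ones listed in the article, nothing more.
RANGES = [
    (False, (9, 16, 0), (9, 16, 36), ALL_CVES, "9.16.37"),
    (False, (9, 18, 0), (9, 18, 10), ALL_CVES, "9.18.11"),
    (False, (9, 19, 0), (9, 19, 8), ALL_CVES, "9.19.9"),
    (True, (9, 16, 8), (9, 16, 36), ALL_CVES, "9.16.37-S1"),
    # 9.11 Preview Edition: only CVE-2022-3488; 9.16.37-S1 is the only
    # Preview Edition release the article names as fixed.
    (True, (9, 11, 4), (9, 11, 37), ["CVE-2022-3488"], "9.16.37-S1"),
]

# Matches "9.16.33" or "9.16.33-S1" anywhere in a string or `named -v` banner.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(-S\d+)?")


def parse_version(text):
    """Return ((major, minor, patch), is_preview_edition)."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no BIND version found in {text!r}")
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4) is not None


def assess(text):
    """Classify one version string against the article's affected ranges."""
    version, preview = parse_version(text)
    for is_preview, first, last, cves, fixed in RANGES:
        # Tuple comparison orders versions numerically, so 9.16.9 < 9.16.36.
        if preview == is_preview and first <= version <= last:
            return {"affected": True, "cves": list(cves), "upgrade_to": fixed}
    return {"affected": False, "cves": [], "upgrade_to": None}


if __name__ == "__main__":
    # Constructed sample banners, not captured from real servers.
    for banner in ["BIND 9.16.33 (Extended Support Version) <id:constructed>",
                   "BIND 9.11.37-S1 <id:constructed>",
                   "BIND 9.18.11 <id:constructed>"]:
        print(banner, "->", assess(banner))
```

Distribution packages often backport fixes without changing the upstream version number, so treat an "affected" result for a distro build as a prompt to check the vendor's changelog rather than as a final answer.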
