bind 安全漏洞 (CVE-2023-50868)

CVE编号

CVE-2023-50868

利用情况

暂无

补丁情况

N/A

披露时间

2024-02-15
漏洞描述
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
http://www.openwall.com/lists/oss-security/2024/02/16/2
http://www.openwall.com/lists/oss-security/2024/02/16/3
https://access.redhat.com/security/cve/CVE-2023-50868
https://bugzilla.suse.com/show_bug.cgi?id=1219826
https://datatracker.ietf.org/doc/html/rfc5155
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1
https://kb.isc.org/docs/cve-2023-50868
https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
https://security.netapp.com/advisory/ntap-20240307-0008/
https://www.isc.org/blogs/2024-bind-security-release/
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
系统 alpine_3.16 bind * Up to
(excluding)
9.16.48-r0
运行在以下环境
系统 alpine_3.17 bind * Up to
(excluding)
9.18.24-r0
运行在以下环境
系统 alpine_3.18 bind * Up to
(excluding)
9.18.24-r0
运行在以下环境
系统 alpine_3.19 bind * Up to
(excluding)
9.18.24-r0
运行在以下环境
系统 fedora_38 bind * Up to
(excluding)
9.18.24-1.fc38
运行在以下环境
系统 fedora_39 bind * Up to
(excluding)
9.18.24-1.fc39
运行在以下环境
系统 fedora_41 bind * Up to
(excluding)
9.18.24-1.fc41
运行在以下环境
系统 fedora_EPEL_8 pdns-recursor * Up to
(excluding)
4.8.6-1.el8
运行在以下环境
系统 fedora_EPEL_9 pdns-recursor * Up to
(excluding)
4.8.6-1.el9
运行在以下环境
系统 opensuse_Leap_15.5 pdns-recursor * Up to
(excluding)
4.8.6-bp155.2.3.1
CVSS3评分
N/A
  • 攻击路径
    N/A
  • 攻击复杂度
    N/A
  • 权限要求
    N/A
  • 影响范围
    N/A
  • 用户交互
    N/A
  • 可用性
    N/A
  • 保密性
    N/A
  • 完整性
    N/A
N/A
CWE-ID 漏洞类型
阿里云安全产品覆盖情况