Main Vulnerability Database SB2024080749

SB2024080749 - SUSE update for bind

Published: August 7, 2024

Security Bulletin ID SB2024080749

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Resource management error (CVE-ID: CVE-2024-1737)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application when handling a very large number of RRs. Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.

2) Resource exhaustion (CVE-ID: CVE-2024-1975)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2024/suse-su-20242811-1/

Vulnerable Software

SUSE Linux Enterprise Micro: 5.0 - 5.5
SUSE Manager Client Tools for SLE Micro: 5
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
bind-doc: before 9.16.6-150000.12.77.1
bind: before 9.16.6-150000.12.77.1
libisccc1600-debuginfo: before 9.16.6-150000.12.77.1
libbind9-1600-debuginfo: before 9.16.6-150000.12.77.1
bind-devel: before 9.16.6-150000.12.77.1
libisc1606-debuginfo: before 9.16.6-150000.12.77.1
bind-chrootenv: before 9.16.6-150000.12.77.1
bind-debugsource: before 9.16.6-150000.12.77.1
bind-debuginfo: before 9.16.6-150000.12.77.1
libirs1601-debuginfo: before 9.16.6-150000.12.77.1
libisccfg1600-debuginfo: before 9.16.6-150000.12.77.1
libdns1605-debuginfo: before 9.16.6-150000.12.77.1
bind-utils-debuginfo: before 9.16.6-150000.12.77.1
libirs-devel: before 9.16.6-150000.12.77.1
python3-bind: before 9.16.6-150000.12.77.1
libisc1606-64bit: before 9.16.6-150000.12.77.1
libisccc1600-64bit: before 9.16.6-150000.12.77.1
libbind9-1600-64bit: before 9.16.6-150000.12.77.1
libirs1601-64bit: before 9.16.6-150000.12.77.1
libisccfg1600-64bit: before 9.16.6-150000.12.77.1
libdns1605-64bit: before 9.16.6-150000.12.77.1
libisc1606: before 9.16.6-150000.12.77.1
libbind9-1600: before 9.16.6-150000.12.77.1
libns1604-debuginfo: before 9.16.6-150000.12.77.1
libirs1601: before 9.16.6-150000.12.77.1
libisccfg1600: before 9.16.6-150000.12.77.1
libisccc1600: before 9.16.6-150000.12.77.1
libns1604: before 9.16.6-150000.12.77.1
libdns1605: before 9.16.6-150000.12.77.1
bind-utils: before 9.16.6-150000.12.77.1