ISC Releases Security Advisory for BIND

Update for the Berkeley Internet Name Domain system

Threat ID:: CC-4098
Threat Severity:: Information only
Published:: 20 May 2022 1:27 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Update for the Berkeley Internet Name Domain system

Affected platforms

The following platforms are known to be affected:

Versions: 9.19.0, 9.18.0 to 9.18.2

Berkeley Internet Name Domain (BIND) System

Threat details

Introduction

The Internet Systems Consortium (ISC) has released a security update that addresses a denial-of-service (DoS) vulnerability in versions of ISC BIND.

If a TLS connection to a configured http TLS listener with a defined endpoint is destroyed too early, the named daemon may terminate with an assertion failure. A remote attacker could exploit this vulnerability to cause a DoS condition.

Remediation advice

Affected organisations are encouraged to review the ISC security advisory CVE-2022-1183: Destroying a TLS session early causes assertion failure and apply the necessary update.

Definitive source of threat updates

https://kb.isc.org/docs/cve-2022-1183

CVE Vulnerabilities

Status Published

CVE-2022-1183

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.

Last edited: 20 May 2022 1:30 pm