ISC Releases Security Patches for New BIND DNS Software Vulnerabilities

January 28, 2023 | Rabbi Lakshmanan | Server Security / DNS


The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial of service (DoS) condition.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory released on Friday that “remote attackers could exploit these vulnerabilities to cause a denial of service condition or system failure.”

According to ISC’s website, this open-source software is used by major financial institutions, domestic and international carriers, Internet Service Providers (ISPs), retailers, manufacturers, educational institutions, and government agencies.

All four flaws reside in named, the BIND 9 service that acts either as an authoritative nameserver for a fixed set of DNS zones or as a recursive resolver for clients on the local network.

Here is a list of bugs rated 7.5 on the CVSS scoring system:

  • CVE-2022-3094 – A flood of UPDATE messages can cause named to exhaust all available memory
  • CVE-2022-3488 – BIND Supported Preview Edition named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries
  • CVE-2022-3736 – named configured to respond from stale cache may terminate unexpectedly while processing RRSIG queries
  • CVE-2022-3924 – named configured to respond from stale cache may terminate unexpectedly at the recursive-clients soft quota

Successful exploitation of the vulnerabilities may cause the named service to crash or exhaust available memory on the target server.

These issues affect versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1. CVE-2022-3488 also affects BIND Supported Preview Edition versions 9.11.4-S1 through 9.11.37-S1. The issues are resolved in versions 9.16.37, 9.18.11, 9.19.9, and 9.16.37-S1.

Although there is no evidence of any of these vulnerabilities being actively exploited, we recommend upgrading to the latest version as soon as possible to mitigate potential threats.
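For inventory purposes, the version ranges above can be encoded as a check against a version string or a `named -v` banner. This is an added example, not code from ISC or the original article; the function name `check_bind_version` and the sample banners are assumptions constructed for illustration.

```python
import re

# Ranges and fixed releases exactly as listed in the article: (first, last, fixed).
OPEN_SOURCE = [
    ((9, 16, 0), (9, 16, 36), "9.16.37"),
    ((9, 18, 0), (9, 18, 10), "9.18.11"),
    ((9, 19, 0), (9, 19, 8), "9.19.9"),
]
# Supported Preview Edition ("-S") builds. The article names no fixed release
# for the 9.11 branch (CVE-2022-3488 only), so that entry carries None.
PREVIEW = [
    ((9, 16, 8), (9, 16, 36), "9.16.37-S1"),
    ((9, 11, 4), (9, 11, 37), None),
]

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(-S\d+)?")


def check_bind_version(banner):
    """Return (affected, fixed_in) for a version string or `named -v` banner."""
    m = VERSION_RE.search(banner)
    if m is None:
        raise ValueError(f"no BIND version found in {banner!r}")
    version = tuple(int(part) for part in m.group(1, 2, 3))
    ranges = PREVIEW if m.group(4) else OPEN_SOURCE
    for first, last, fixed in ranges:
        if first <= version <= last:
            return True, fixed
    return False, None


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "BIND 9.18.10 (Stable Release) <id:constructed>",
        "BIND 9.18.11 (Stable Release) <id:constructed>",
        "BIND 9.16.36-S1 (Extended Support Version) <id:constructed>",
        "BIND 9.11.37-S1 <id:constructed>",
    ]
    for banner in samples:
        affected, fixed = check_bind_version(banner)
        status = f"AFFECTED, fixed in {fixed or 'see ISC advisory'}" if affected else "not in affected range"
        print(f"{banner.split('<')[0].strip():45} {status}")
```

Distribution packages often backport fixes without changing the upstream version number, so a match on a packaged build is a prompt to check the vendor's advisory rather than proof of exposure.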
