Уязвимость CVE-2023-50868: Информация

Описание

The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-50868
Опубликовано: 14 февраля 2024 г.
Изменено: 7 марта 2024 г.

Исправленные пакеты

Имя пакета
Ветка
Исправлено в версии
Версия в репозитории
Errata ID
№ Задания
Состояние
unboundsisyphus1.19.1-alt11.19.3-alt1ALT-PU-2024-2451-1340809Исправлено
unboundsisyphus_e2k1.19.1-alt11.19.3-alt1ALT-PU-2024-2533-1-Исправлено
unboundsisyphus_riscv641.19.1-alt11.19.3-alt1ALT-PU-2024-3536-1-Исправлено
unboundsisyphus_loongarch641.19.1-alt11.19.3-alt1ALT-PU-2024-2503-1-Исправлено
unboundp101.19.1-alt11.19.3-alt1ALT-PU-2024-2453-2340810Исправлено
unboundp10_e2k1.19.1-alt11.19.3-alt1ALT-PU-2024-2787-1-Исправлено
unboundp91.19.1-alt11.19.3-alt1ALT-PU-2024-2605-2340811Исправлено
unboundp9_mipsel1.19.3-alt11.19.3-alt1ALT-PU-2024-6993-1-Исправлено
unboundc10f11.19.1-alt11.19.2-alt1ALT-PU-2024-2607-2340813Исправлено
unboundc9f21.19.1-alt11.19.2-alt1ALT-PU-2024-2455-2340812Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка
Ресурс
https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
    https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
      https://www.isc.org/blogs/2024-bind-security-release/
        https://datatracker.ietf.org/doc/html/rfc5155
          https://kb.isc.org/docs/cve-2023-50868
            https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1
              https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
                https://access.redhat.com/security/cve/CVE-2023-50868
                  https://bugzilla.suse.com/show_bug.cgi?id=1219826
                    [oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities
                      [oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities
                        FEDORA-2024-2e26eccfcb
                          FEDORA-2024-e24211eff0
                            FEDORA-2024-21310568fa
                              [debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update
                                FEDORA-2024-b0f9656a76
                                  FEDORA-2024-4e36df9dfd
                                    FEDORA-2024-499b9be35f
                                      FEDORA-2024-c36c448396
                                        FEDORA-2024-c967c7d287
                                          FEDORA-2024-e00eceb11c
                                            FEDORA-2024-fae88b73eb
                                              https://security.netapp.com/advisory/ntap-20240307-0008/
                                                VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                                                Версия: v24.4.2
                                                Наверх