ISC BIND up to 9.19.16 Control Channel Message recursion

Summaryinfo

A vulnerability marked as critical has been reported in ISC BIND up to 9.16.43/9.16.43-S1/9.18.18/9.18.18-S1/9.19.16. Affected is an unknown function of the component Control Channel Message Handler. The manipulation leads to recursion. This vulnerability is documented as CVE-2023-3341. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as critical, has been found in ISC BIND up to 9.16.43/9.16.43-S1/9.18.18/9.18.18-S1/9.19.16 (Domain Name Software). This issue affects an unknown code of the component Control Channel Message Handler. The manipulation with an unknown input leads to a recursion vulnerability. Using CWE to declare the problem leads to CWE-674. The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack. Impacted is availability. The summary by CVE is:

The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.

The weakness was released 09/20/2023. The advisory is shared at openwall.com. The identification of this vulnerability is CVE-2023-3341 since 06/20/2023. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1499 for this issue.

The vulnerability scanner Nessus provides a plugin with the ID 209561 (AIX (IJ4442)), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 9.16.44, 9.18.19 or 9.19.17 eliminates this vulnerability.

The vulnerability is also documented in the databases at Tenable (209561) and EUVD (EUVD-2023-44009). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Domain Name Software

Vendor

• ISC

Name

• BIND

Version

• 9.16.0
• 9.16.1
• 9.16.2
• 9.16.3
• 9.16.4
• 9.16.5
• 9.16.6
• 9.16.7
• 9.16.8
• 9.16.9
• 9.16.10
• 9.16.11
• 9.16.12
• 9.16.13
• 9.16.14
• 9.16.15
• 9.16.16
• 9.16.17
• 9.16.18
• 9.16.19
• 9.16.20
• 9.16.21
• 9.16.22
• 9.16.23
• 9.16.24
• 9.16.25
• 9.16.26
• 9.16.27
• 9.16.28
• 9.16.29
• 9.16.30
• 9.16.31
• 9.16.32
• 9.16.33
• 9.16.34
• 9.16.35
• 9.16.36
• 9.16.37
• 9.16.38
• 9.16.39
• 9.16.40
• 9.16.41
• 9.16.42
• 9.16.43
• 9.16.43-S1
• 9.18.0
• 9.18.1
• 9.18.2
• 9.18.3
• 9.18.4
• 9.18.5
• 9.18.6
• 9.18.7
• 9.18.8
• 9.18.9
• 9.18.10
• 9.18.11
• 9.18.12
• 9.18.13
• 9.18.14
• 9.18.15
• 9.18.16
• 9.18.17
• 9.18.18
• 9.18.18-S1
• 9.19.0
• 9.19.1
• 9.19.2
• 9.19.3
• 9.19.4
• 9.19.5
• 9.19.6
• 9.19.7
• 9.19.8
• 9.19.9
• 9.19.10
• 9.19.11
• 9.19.12
• 9.19.13
• 9.19.14
• 9.19.15
• 9.19.16

License

• open-source

Website

• Vendor: https://www.isc.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion