📢 IBM has issued a new security bulletin [CVE-2024-6387] concerning vulnerabilities affecting BIND and its ISC links on IBM i.
💡 Why is it important?
BIND(Berkeley Internet Name Domain) is the most widely used open-source DNS server today. Developed by theInternet Systems Consortium (ISC), it plays a key role in domain name management.
⚠️ Problem: ISC BIND on IBM i is vulnerable to Denial of Service (DoS) attacks. A remote attacker can exploit these vulnerabilities to slow down the DNS database, cause a failure or exhaust server resources.
🔎 Vulnerability details
🛑 CVE-2024-1737 – Denial of service by cache overloading
🔹 Impact: An error in the management of DNS resolvers and zone databases containing a large number of records can be exploited to slow down server performance.
🔹 CVSS score: 7.5 / 10
🛑 CVE-2024-4076 – Assertion failure via distribution of obsolete data
🔹 Impact: A vulnerability in DNS cache management and authoritative zone data would allow an attacker to send malicious requests to cause an assertion failure.
🔴 CVE-2024-1975 – CPU resource exhaustion with SIG(0)
🔹 Impact: A server hosting a zone containing a “KEY” resource record or validating DNSSEC may fall victim to a SIG(0) attack.
🔹 Consequence: Total exhaustion of CPU resources, rendering the server inoperable.
⚡ CVE-2024-0760 – Server instability via TCP requests
🔹 Impact: By sending a massive stream of DNS requests over TCP, a remote attacker could render the server unstable and inoperable.
📌 Official source: 🔗 IBM security bulletin
🛠️ How to correct these flaws?
✔️ Apply the PTF patches recommended by IBM(see official documentation).
✔️ Update your version of BIND to take advantage of the latest security patches.
✔️ Monitor network activity to detect any attempts to exploit these vulnerabilities.
🔐 Don’t delay in applying these updates to secure your infrastructure! 🚀
⚡ Act now to secure your IT environment with STR-iCT!
🔐 Keep up to date with the latest cybersecurity alerts! 🚀
