BIND: Denial of Service in BIND's Additional Section Record Handler (CVE-2024-11187)
Summary
In today's podcast, we're delving into CVE-2024-11187, a newly identified vulnerability that impacts the widely-used ISC BIND software. This vulnerability, published on January 29, 2025, and updated on February 7, 2025, exposes systems to potential denial-of-service attacks through crafted DNS queries.
Product details
The affected software is ISC BIND 9, with impacted versions including 9.11.0 to 9.11.37, 9.16.0 to 9.16.50, 9.18.0 to 9.18.32, 9.20.0 to 9.20.4, and 9.21.0 to 9.21.3, among others. These versions are vulnerable due to a flaw in the DNS record processing that can be exploited to cause denial of service.
Vulnerability type summary
CVE-2024-11187 falls under the category of Asymmetric Resource Consumption, specifically CWE-405. This denotes a type of vulnerability where a very small commitment of resources by the attacker can lead to a significantly larger consumption of resources on the victim’s side, potentially leading to a denial of service.
Details of the vulnerability
This vulnerability can be exploited by constructing a zone in BIND such that certain queries will result in replies with numerous DNS records in the Additional section. An attacker can repeatedly send these queries to exhaust server resources, thereby leading to a denial of service. The attack is particularly potent against authoritative servers and resolvers that haven't been patched.
Conclusion
In conclusion, CVE-2024-11187 poses a significant risk to organizations relying on ISC BIND 9 for DNS services. Users of affected versions are strongly advised to apply security updates as released by their distributions, such as SUSE's important advisories, to mitigate the potential for denial of service attacks. Keeping software up-to-date is critical in maintaining secure network infrastructures.
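To check an inventory against the version ranges listed under "Product details", the following added example (not code from this page or from ISC) classifies version banners of the form printed by `named -v`. The host names and banners are constructed samples. A banner that carries a distribution or edition suffix is flagged for review rather than declared affected, because distributions may backport the fix without changing the upstream version number.

```python
import re

# Affected ranges exactly as listed on this page (inclusive bounds).
# The page says "among others"; ranges it does not list are not covered here.
AFFECTED = [
    ((9, 11, 0), (9, 11, 37)),
    ((9, 16, 0), (9, 16, 50)),
    ((9, 18, 0), (9, 18, 32)),
    ((9, 20, 0), (9, 20, 4)),
    ((9, 21, 0), (9, 21, 3)),
]

# Upstream version plus any trailing "-suffix" parts (package revision, edition).
VERSION_RE = re.compile(r"\b(9)\.(\d+)\.(\d+)((?:-[A-Za-z0-9.+~]+)*)")

def parse_version(banner):
    """Return ((major, minor, patch), suffix) from a banner, or None."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))), m.group(4)

def classify(banner):
    """Return 'affected', 'needs-review', 'not-listed' or 'unparsed'."""
    parsed = parse_version(banner)
    if parsed is None:
        return "unparsed"
    version, suffix = parsed
    if not any(lo <= version <= hi for lo, hi in AFFECTED):
        return "not-listed"
    # In range but suffixed: confirm against the vendor advisory or changelog.
    return "needs-review" if suffix else "affected"

def audit(inventory):
    """Map each host to the classification of its banner."""
    return {host: classify(banner) for host, banner in inventory.items()}

# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = {
    "ns1.example.net": "BIND 9.16.50 (Extended Support Version) <id:0000000>",
    "ns2.example.net": "BIND 9.18.28-0ubuntu0.22.04.1-Ubuntu (Extended Support Version)",
    "ns3.example.net": "BIND 9.20.5 (Stable Release) <id:0000000>",
    "ns4.example.net": "version string hidden",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```
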