High-Severity BIND DNS Flaw Let Attackers Exploit Remotely

Security fixes have been issued that address three high-severity vulnerabilities in several versions of the Internet Systems Consortium (ISC’s) Berkeley Internet Name Domain (BIND DNS Flaw) 9.

An attacker might exploit these flaws remotely to result in denial-of-service conditions possibly.

Read moreBuilding cyber skills and roles from CyBOK foundations

BIND 9 is an open-source and fully featured comprehensive DNS system. BIND 9 may be configured as an authoritative name server, a resolver, and, on supported hosts, a stub resolver (through its name. conf file) BIND DNS Flaw.

The BIND DNS is used in major financial institutions, national & international carriers, ISPs, retailers, manufacturers, Universities, and Government organizations.

Vulnerabilities

Read moreAccessibility as a cyber security priority

CVE-2023-2828

CVE-2023-2829

Read moreNew interactive video - and related downloads - to help secondary school kids stay safe online

CVE-2023-2911

CVE-2023-2828, named’s configured cache size limit can be significantly exceeded.

Read moreNigerian Cybercrime Ring's Phishing Tactics Exposed

An attacker can use this problem to cause the amount of memory a named resolver utilizes to exceed the set max-cache-size limit

The attack’s success is determined by various parameters (e.g., query load, query patterns). Still, because the default value of the max-cache-size statement is 90%, the attacker can exhaust all available memory on the host running named, resulting in a denial-of-service issue.

Versions Affected:

Read moreS3 Ep135: Sysadmin by day, extortionist by night

BIND

9.11.0 -> 9.16.41

Read moreUS offers $10m bounty for Russian ransomware suspect outed in indictment

9.18.0 -> 9.18.15

9.19.0 -> 9.19.13

Read moreBelkin Wemo Smart Plug V2 – the buffer overflow that won’t be patched

BIND Supported Preview Edition

9.11.3-S1 -> 9.16.41-S1

Read moreZut alors! Raclage crapuleux! Clearview AI in 20% more trouble in France

9.18.11-S1 -> 9.18.15-S1

Solution

Upgrade to the patched release most closely related to your current version of BIND 9:

Read moreHeads Up CEO! Cyber Risk Influences Company Credit Ratings

9.16.42

9.18.16

Read moreCISA, NSA Issue New IAM Best Practice Guidelines

9.19.14

BIND Supported Preview Edition 

Read more6 Ways to Mitigate Risk While Expanding Access

9.16.42-S1

9.18.16-S1

Read moreHypervisors and Ransomware: Defending Attractive Targets

CVE-2023-2829, malformed NSEC records can cause names to terminate unexpectedly when synth-from-dnssec is enabled.

An attacker can cause the name to terminate abruptly by submitting particular queries to the resolver.

Versions Affected:

Read moreNIST Launches Cybersecurity Initiative for Small Businesses

BIND Supported Preview Edition

9.16.8-S1 -> 9.16.41-S1

Read moreEducating Your Board of Directors on Cybersecurity

9.18.11-S1 -> 9.18.15-S1

Solution:

BIND Supported Preview Edition:

Read morePersonal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack

9.16.42-S1

9.18.16-S1

Read moreMany Vulnerabilities Found in PrinterLogic Enterprise Software

CVE-2023-2911, exceeding the recursive-clients quota, may cause the name to terminate unexpectedly when stale-answer-client-timeout is set to 0.

By sending specific queries to the resolver, an attacker can cause the name to terminate unexpectedly.

Versions Affected:

Read moreIndustrial Giant ABB Confirms Ransomware Attack, Data Theft

BIND

9.16.33 -> 9.16.41

Read moreOrganizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation

9.18.7 -> 9.18.15

BIND Supported Preview Edition

Read moreGoogle Cloud Users Can Now Automate TLS Certificate Lifecycle

9.16.33-S1 -> 9.16.41-S1

9.18.11-S1 -> 9.18.15-S1

Solution:

Read moreZyxel Firewalls Hacked by Mirai Botnet

Upgrade to the patched release most closely related to your current version of BIND 9:

9.16.42

Read moreWatch Now: Threat Detection and Incident Response Virtual Summit

9.18.16

BIND Supported Preview Edition:

Read moreNCC Group Releases Open Source Tools for Developers, Pentesters

9.16.42-S1

9.18.16-S1

Read moreMemcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation

Hence, affected companies should examine the ISC security warnings and implement necessary upgrades or fixes.

Manage and secure Your Endpoints Efficiently – Free Download

Read morePyPI Enforcing 2FA for All Project Maintainers to Boost Security

The post High-Severity BIND DNS Flaw Let Attackers Exploit Remotely appeared first on Cyber Security News.

   Read More 

Read moreCredible Handwriting Machine

Cyber Security News 

Related Posts

LangChain JS Vulnerability Let Attackers Expose Sensitive Information

LangChain JS Vulnerability Let Attackers Expose Sensitive Information

LangChain, an open-source project designed to assist developers in building applications powered by large language models (LLMs), offers libraries in both Python and JavaScript.

LangChain is a framework that makes it easier for developers to use large language models (LLMs) in various applications.

Recently, a 37-year-old cybersecurity researcher, Evren, identified that the LangChain JS vulnerability allows threat actors to expose sensitive information.

The vulnerability, classified as an Arbitrary File Read (AFR) issue, stems from improper input validation when handling user-supplied URLs.

By exploiting this flaw with Server Side Request Forgery (SSRF), an attacker could craft malicious URLs pointing to local files on the server, enabling them to access and read sensitive information they should not have access to.

These vulnerabilities can enable XSS attacks, which inject malicious code into victims’ browsers. Widely used JS libraries or frameworks with security flaws can also impact numerous sites simultaneously.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

“The fact that this project has more than 11,000 stars and more than 380,000 weekly downloads shows its popularity and widespread use,” stated the security researcher who discovered the vulnerability. “I could not find any guidelines in the LangChain documentation indicating what measures should be taken when receiving a URL from a user, which in my personal opinion, poses a high risk.”

The researcher provided a proof-of-concept (PoC) code demonstrating how an attacker could leverage the vulnerability.

The vulnerability was reported to the LangChain team, who classified it as “Informative”. The team stated that LangChain JS utilizes the Playwright project in the background and that developers are responsible for its secure implementation.

However, the researchers noted that the LangChain documentation lacks clear guidelines on the precautions developers should take when receiving URLs from users, leading them to consider this vulnerability high-risk.

Threat actors can use this vulnerability to access files on the server without authorization, which helps expose sensitive data. 

It allows developers to easily use LLMs in Python or JavaScript for document analysis, summarization, conversational AI, and code analysis. 

Mitigations

Here below, we have mentioned all the mitigations:-

Implement strict input validation, as this will properly sanitize and validate all the URLs.

Maintain an allowed domains list to restrict the URL fetching to only a specific set of domains that are marked as trusted.

Make sure to deny and block access to sensitive URL schemas like file://, ftp://, and others that should not be accessible.

Network segmentation is a must, as this helps in limiting the access to internal network resources and services.

ANYRUN malware sandbox’s 8th Birthday Special Offer: Grab 6 Months of Free Service

The post LangChain JS Vulnerability Let Attackers Expose Sensitive Information appeared first on Cyber Security News.

 Read More