QID 355147
Date Published: 2023-05-29
QID 355147: Amazon Linux Security Advisory for bind : ALAS2023-2023-010
A cache poisoning vulnerability was found in bind when using forwarders.
Bogus ns records supplied by the forwarders may be cached and used by name if it needs to recurse for any reason.
This issue causes it to obtain and pass on potentially incorrect answers.
This flaw allows a remote attacker to manipulate cache results with incorrect records, leading to queries made to the wrong servers, possibly resulting in false information received on the client's end. (
( CVE-2021-25220) a flaw was found in bind that incorrectly handles certain crafted tcp streams.
The vulnerability allows tcp connection slots to be consumed for an indefinite time frame via a specifically crafted tcp stream sent from a client.
This flaw allows a remote attacker to send specially crafted tcp streams with keep-response-order enabled that could cause connections to bind to remain in close_wait status for an indefinite period, even after the client has terminated the connection.
This issue results in bind consuming resources, leading to a denial of service. (
( CVE-2022-0396)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
- ALAS2023-2023-010 -
alas.aws.amazon.com/AL2023/ALAS-2023-010.html
CVEs related to QID 355147
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2023-2023-010 | amazon linux 2023 |
alas.aws.amazon.com/AL2023/ALAS-2023-010.html |