Brief

Summary:

The United States government's Cybersecurity & Infrastructure Security Agency (CISA) has released a security advisory to address vulnerabilities affecting the Internet Systems Consortium's (ISC) Berkeley Internet Name Domain (BIND) 9. The vulnerabilities, identified as CVE-2023-4236 and CVE-2023-3341, could allow a malicious actor to cause denial-of-service conditions. CISA encourages users and administrators to review the advisories and apply necessary updates or workarounds to mitigate the risks.


Cybersecurity & Infrastructure Security Agency

America’s Cyber Defense Agency


Alert

Release Date

The Internet Systems Consortium (ISC) has released security advisories to address vulnerabilities affecting ISC’s Berkeley Internet Name Domain (BIND) 9. A malicious cyber actor could exploit these vulnerabilities to cause denial-of-service conditions.

CISA encourages users and administrators to review the following ISC advisories and apply necessary updates or workarounds:

This product is provided subject to this Notification and this Privacy & Use policy.


Summary:

On September 21, 2023, the Cybersecurity & Infrastructure Security Agency (CISA), America’s Cyber Defense Agency, issued an alert regarding vulnerabilities affecting the Internet Systems Consortium’s (ISC) Berkeley Internet Name Domain (BIND) 9. A malicious actor may exploit these vulnerabilities to cause denial-of-service conditions.

The alert specifically mentions two issues:

1. CVE-2023-4236: A vulnerability in BIND 9’s named service may cause it to terminate unexpectedly under high DNS-over-TLS (DoT) query load.
2. CVE-2023-3341: A stack exhaustion flaw in the control channel code may also cause named to terminate unexpectedly.

To mitigate these risks, CISA recommends that users and administrators review the ISC advisories and apply necessary updates or workarounds. They should also ensure that the updates are installed on systems to prevent potential denial-of-service conditions.

Additionally, the alert mentions related advisories that were issued on the same date, including updates on known exploited vulnerabilities, industrial control systems advisories, a security advisory for Drupal, and an Atlassian security bulletin. These advisories are intended to provide users with important information on securing their systems and data.

Notification and Privacy Policy:

It is essential to note that this alert is provided subject to the CISA Notification and Privacy & Use policy.

Call to Action:

If you have any thoughts or feedback on this alert, please share them using the provided anonymous product survey.

Cybersecurity and Infrastructure Security Agency
