
Kat dns serverversion

Open underdarknl opened this issue 7 months ago • 1 comments

Changes

Adds support for finding DNS Server versions

Issue link

On 23 July 2024 we (Internet Systems Consortium) disclosed four vulnerabilities affecting our BIND 9 software:

  • CVE-2024-0760: A flood of DNS messages over TCP may make the server unstable https://kb.isc.org/docs/cve-2024-0760
  • CVE-2024-1737: BIND's database will be slow if a very large number of RRs exist at the same name https://kb.isc.org/docs/cve-2024-1737
  • CVE-2024-1975: SIG(0) can be used to exhaust CPU resources https://kb.isc.org/docs/cve-2024-1975
  • CVE-2024-4076: Assertion failure when serving both stale cache data and authoritative zone content https://kb.isc.org/docs/cve-2024-4076

New versions of BIND 9 are available from https://www.isc.org/downloads

Operators and package maintainers who prefer to apply patches selectively can find individual vulnerability-specific patches in the "patches" subdirectory of each published release directory:

  • https://downloads.isc.org/isc/bind9/9.18.28/patches/

With the public announcement of these vulnerabilities, the embargo period is ended and any updated software packages that have been prepared may be released.

QA notes

Many authoritative nameservers are still unpatched; use Shodan to find some with a version string and BIND.

Code Checklist

  • [ ] All the commits in this PR are properly PGP-signed and verified.
  • [ ] This PR only contains functionality relevant to the issue.
  • [ ] I have written unit tests for the changes or fixes I made.
  • [ ] I have checked the documentation and made changes where necessary.
  • [ ] I have performed a self-review of my code and refactored it to the best of my abilities.
  • [ ] Tickets have been created for newly discovered issues.
  • [ ] For any non-trivial functionality, I have added integration and/or end-to-end tests.
  • [ ] I have informed others of any required .env file changes and changed the .env-dist accordingly.
  • [ ] I have included comments in the code to elaborate on what is not self-evident from the code itself, including references to issues and discussions online, or implicit behavior of an interface.

Checklist for code reviewers:

Copy-paste the checklist from the docs/source/templates folder into your comment.


Checklist for QA:

Copy-paste the checklist from the docs/source/templates folder into your comment.

underdarknl Jul 24 '24 09:07