CVE-2024-0760: A flood of DNS messages over TCP may make the server unstable
First published: Tue Jul 23 2024(Updated: )
A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1.
Credit: security-officer@isc.org security-officer@isc.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/bind9 | 1:9.16.50-1~deb11u2 1:9.16.50-1~deb11u1 1:9.18.28-1~deb12u2 1:9.18.33-1~deb12u2 1:9.20.4-4 1:9.20.5-1 |
Remedy
Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.28, 9.20.0, or 9.18.28-S1.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.theregister.com/2024/07/29/infosec_roundup/
- http://www.openwall.com/lists/oss-security/2024/07/23/1
- http://www.openwall.com/lists/oss-security/2024/07/31/2
- https://kb.isc.org/docs/cve-2024-0760
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0760
- https://nvd.nist.gov/vuln/detail/CVE-2024-0760
- https://launchpad.net/bugs/cve/CVE-2024-0760
- https://security-tracker.debian.org/tracker/CVE-2024-0760
- https://ubuntu.com/security/CVE-2024-0760
- https://security.netapp.com/advisory/ntap-20240731-0004/
- https://www.ibm.com/support/pages/node/7182403 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2024-0760?
CVE-2024-0760 is considered a high severity vulnerability due to its potential to cause instability in DNS servers under attack.
How do I fix CVE-2024-0760?
To fix CVE-2024-0760, upgrade to the fixed versions of BIND, specifically 1:9.16.50-1~deb11u2, 1:9.16.50-1~deb11u1, 1:9.18.28-1~deb12u2, or 1:9.20.4-3.
Which versions of BIND are affected by CVE-2024-0760?
CVE-2024-0760 affects BIND 9 versions from 9.18.1 through 9.18, as well as earlier versions listed.
Does using ACLs help mitigate CVE-2024-0760?
Using Access Control Lists (ACLs) will not mitigate the effects of CVE-2024-0760.
What does CVE-2024-0760 exploit in DNS servers?
CVE-2024-0760 exploits the ability of a malicious client to overwhelm DNS servers with excessive TCP messages during an attack.
- agent/remedy
- agent/title
- agent/type
- collector/oss-sec
- source/oss-sec
- alias/CVE-2024-0760
- alias/CVE-2024-1737
- alias/CVE-2024-1975
- alias/CVE-2024-4076
- agent/severity
- agent/first-publish-date
- agent/author
- collector/the-register
- source/The Register
- collector/nvd-api
- source/NVD
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/description
- collector/nvd-cve
- agent/last-modified-date
- agent/references
- agent/trending
- agent/source
- agent/tags
- agent/event
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- collector/ibm-support
- source/IBM
- package-manager/debian