Denial of Service Vulnerability in DNS servers (KeyTrap+ NSEC3)
Indian - Computer Emergency Response Team (cert-in.org.in)
Severity Rating: High
Overview
Two vulnerabilities have been reported in DNS protocol which could allow a remote attacker to cause Denial of Service (DoS) condition on the target DNS server.
Description
Domain Name System (DNS) is a protocol that allows us to use human readable names to communicate over networks, rather than having to manage and memorize IP addresses.
The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups.
These vulnerabilities exist due to improper input validation while processing DNSSEC related records. A remote attacker could exploit these vulnerabilities to cause denial of service (through CPU consumptions) via DNSSEC responses due to NSEC3 issue or Key Trap issue.
Successful exploitation of these vulnerabilities could allow a remote attacker to perform Denial of Service (DoS) condition on the targeted DNS server.
Solution
Apply appropriate security updates to the latest product versions immediately or once they are released by the respective vendors and other mitigation techniques as applicable.
CVE Name: CVE-2023-50387,CVE-2023-50868
Hi,
I recently got the about the CVE-2023-50387 and CVE-2023-50868 vulnerabilities found, I am using the Route53 service as DNS provider so I am little confused do CVEs mentioned above affect route53 as well or not? If yes then has AWS taken the right steps to mitigate it? I checked the AWS Security Bulletins but could not find anything about CVEs.
Thanks in advance,
Mahesh
AWS UFFICIALEAggiornata un anno fa