Inquiry on Mitigation Measures for DNS Server Vulnerabilities (KeyTrap+ NSEC3)

0
Denial of Service Vulnerability in DNS servers (KeyTrap+ NSEC3)
Indian - Computer Emergency Response Team (cert-in.org.in)
Severity Rating: High
Overview
Two vulnerabilities have been reported in DNS protocol which could allow a remote attacker to cause Denial of Service (DoS) condition on the target DNS server.
Description
Domain Name System (DNS) is a protocol that allows us to use human readable names to communicate over networks, rather than having to manage and memorize IP addresses.
The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups.
These vulnerabilities exist due to improper input validation while processing DNSSEC related records. A remote attacker could exploit these vulnerabilities to cause denial of service (through CPU consumption) via DNSSEC responses due to NSEC3 issue or Key Trap issue.
Successful exploitation of these vulnerabilities could allow a remote attacker to perform Denial of Service (DoS) condition on the targeted DNS server.
Solution
Apply appropriate security updates to the latest product versions immediately or once they are released by the respective vendors and other mitigation techniques as applicable.
CVE Name: CVE-2023-50387, CVE-2023-50868

Hi,

I recently got to know about the CVE-2023-50387 and CVE-2023-50868 vulnerabilities. I am using the Route53 service as my DNS provider, so I am a little confused: do the CVEs mentioned above affect Route53 as well or not? If yes, has AWS taken the right steps to mitigate it? I checked the AWS Security Bulletins but could not find anything about these CVEs.

Thanks in advance, Mahesh

Mahesh
Asked 3 months ago, 165 views
1 Answer
1

As per Vulnerability Reporting - Address potential vulnerabilities in any aspect of our cloud services

If you would like to report a vulnerability or have a security concern regarding AWS cloud services or open source projects, please submit the information by contacting aws-security@amazon.com. If you wish to protect the contents of your submission, you may use our PGP key.

AWS
EXPERT
Mike_L
Answered 3 months ago
