Inquiry on Mitigation Measures for DNS Server Vulnerabilities (KeyTrap+ NSEC3)

0
Denial of Service Vulnerability in DNS servers (KeyTrap+ NSEC3)
Indian - Computer Emergency Response Team (cert-in.org.in)
Severity Rating: High
Overview
Two vulnerabilities have been reported in DNS protocol which could allow a remote attacker to cause Denial of Service (DoS) condition on the target DNS server.
Description
Domain Name System (DNS) is a protocol that allows us to use human readable names to communicate over networks, rather than having to manage and memorize IP addresses.
The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups.
These vulnerabilities exist due to improper input validation while processing DNSSEC related records. A remote attacker could exploit these vulnerabilities to cause denial of service (through CPU consumptions) via DNSSEC responses due to NSEC3 issue or Key Trap issue.
Successful exploitation of these vulnerabilities could allow a remote attacker to perform Denial of Service (DoS) condition on the targeted DNS server.
Solution
Apply appropriate security updates to the latest product versions immediately or once they are released by the respective vendors and other mitigation techniques as applicable.
CVE Name: CVE-2023-50387,CVE-2023-50868

Hi,

I recently got the about the CVE-2023-50387 and CVE-2023-50868 vulnerabilities found, I am using the Route53 service as DNS provider so I am little confused do CVEs mentioned above affect route53 as well or not? If yes then has AWS taken the right steps to mitigate it? I checked the AWS Security Bulletins but could not find anything about CVEs.

Thanks in advance, Mahesh

Mahesh
feita há 3 meses169 visualizações
1 Resposta
1

As per Vulnerability Reporting - Address potential vulnerabilities in any aspect of our cloud services

If you would like to report a vulnerability or have a security concern regarding AWS cloud services or open source projects, please submit the information by contacting aws-security@amazon.com. If you wish to protect the contents of your submission, you may use our PGP key.

AWS
ESPECIALISTA
Mike_L
respondido há 3 meses

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas