Inquiry on Mitigation Measures for DNS Server Vulnerabilities (KeyTrap+ NSEC3)

0
Denial of Service Vulnerability in DNS servers (KeyTrap+ NSEC3)
Indian - Computer Emergency Response Team (cert-in.org.in)
Severity Rating: High
Overview
Two vulnerabilities have been reported in DNS protocol which could allow a remote attacker to cause Denial of Service (DoS) condition on the target DNS server.
Description
Domain Name System (DNS) is a protocol that allows us to use human readable names to communicate over networks, rather than having to manage and memorize IP addresses.
The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups.
These vulnerabilities exist due to improper input validation while processing DNSSEC related records. A remote attacker could exploit these vulnerabilities to cause denial of service (through CPU consumptions) via DNSSEC responses due to NSEC3 issue or Key Trap issue.
Successful exploitation of these vulnerabilities could allow a remote attacker to perform Denial of Service (DoS) condition on the targeted DNS server.
Solution
Apply appropriate security updates to the latest product versions immediately or once they are released by the respective vendors and other mitigation techniques as applicable.
CVE Name: CVE-2023-50387,CVE-2023-50868

Hi,

I recently got the about the CVE-2023-50387 and CVE-2023-50868 vulnerabilities found, I am using the Route53 service as DNS provider so I am little confused do CVEs mentioned above affect route53 as well or not? If yes then has AWS taken the right steps to mitigate it? I checked the AWS Security Bulletins but could not find anything about CVEs.

Thanks in advance, Mahesh

Mahesh
已提问 3 个月前165 查看次数
1 回答
1

As per Vulnerability Reporting - Address potential vulnerabilities in any aspect of our cloud services

If you would like to report a vulnerability or have a security concern regarding AWS cloud services or open source projects, please submit the information by contacting aws-security@amazon.com. If you wish to protect the contents of your submission, you may use our PGP key.

AWS
专家
Mike_L
已回答 3 个月前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则