Resource Exhaustion Vulnerability in BIND 9 by ISC
CVE-2024-11187

7.5HIGH

Key Information:

Vendor
Isc
Status
Bind 9
Vendor
CVE Published:
29 January 2025

Badges

๐Ÿ“ˆ Score: 451๐Ÿ‘พ Exploit Exists๐Ÿ“ฐ News Worthy

What is CVE-2024-11187?

CVE-2024-11187 is a resource exhaustion vulnerability found in BIND 9, a widely-used software for managing Domain Name System (DNS) services. This software is instrumental in enabling devices to communicate over networks by translating human-readable domain names into machine-readable IP addresses. The vulnerability permits an attacker to craft specific DNS zones that generate extensive responses to queries, leading to excessive resource consumption on affected DNS servers. Organizations reliant on BIND 9 for their DNS infrastructure could experience substantial disruptions in service, degraded performance, and potential downtime, impacting overall operational efficiency and reliability.

Technical Details

The vulnerability arises from the ability to create DNS zones that respond to certain queries with an abnormal number of records in their Additional section. When an attacker sends multiple queries exploiting this issue, it can overwhelm either the authoritative DNS server or an independent resolver, consuming disproportionate computational resources. Specifically, this affects various versions of BIND 9, including 9.11.0 to 9.11.37, 9.16.0 to 9.16.50, 9.18.0 to 9.18.32, 9.20.0 to 9.20.4, and 9.21.0 to 9.21.3, among others. The nature of the vulnerability necessitates that the maliciously crafted zones are purposefully designed to exploit this weakness.

Potential impact of CVE-2024-11187

  1. Service Disruption: Organizations may face interruptions in DNS services as servers become overloaded, leading to failures in name resolution which can hinder user access to critical applications and resources.

  2. Increased Operational Costs: System resources are consumed disproportionately, which may require additional infrastructure to manage the load or necessitate time-consuming mitigation efforts, resulting in increased operational costs.

  3. Risk of Extended Downtime: Prolonged exploitation can lead to significant downtime as systems may need to be taken offline for remediation, impacting business continuity and potentially causing financial losses.

Affected Version(s)

BIND 9 9.11.0 <= 9.11.37

BIND 9 9.16.0 <= 9.16.50

BIND 9 9.18.0 <= 9.18.32

News Articles

favicon imageTheSecMaster

Fix CVE-2024-11187: BIND 9 CPU Exhaustion Flaw

Learn how to mitigate the CVE-2024-11187 vulnerability in BIND 9 DNS servers. Step-by-step guide for fixing CPU exhaustion and securing your infrastructure.

3 weeks ago

References

https://kb.isc.org/docs/cve-2024-11187
vendor-advisory

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐Ÿ“ฐ

    First article discovered by TheSecMaster

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

ISC would like to thank Toshifumi Sakaguchi for bringing this vulnerability to our attention.
.