Is bind 9.18.19 a validating resolver to shield against CVE-2023-42119 ?
Kurt Jaeger
bind-users at opsec.eu
Mon Oct 2 09:06:56 UTC 2023
Hi!
In the light of the recent exim security issues[1,2]
I'm trying to find out if bind 9.18.19, if used as resolver,
does enough validation to shield exim instances from CVE-2023-42119 ?
As details and reproducers for the CVE are not available, this is a
more general question. Pointers on where I can read more about it
are highly appreciated!
There are probably two aspects to validation:
- Validating DNSSEC (the more common use case of validation)
- Validating DNS request/replies in general (bailiwick, cache polution etc).
[1] https://lists.exim.org/lurker/message/20231001.165119.aa8c29f9.en.html
[2] https://www.zerodayinitiative.com/advisories/ZDI-23-1473/
--
pi at opsec.eu +49 171 3101372 Now what ?
More information about the bind-users
mailing list