Is bind 9.18.19 a validating resolver to shield against CVE-2023-42119 ?
Petr Špaček
pspacek at isc.org
Mon Oct 2 11:26:30 UTC 2023
On 02. 10. 23 11:06, Kurt Jaeger wrote:
> Hi!
>
> In the light of the recent exim security issues[1,2]
> I'm trying to find out if bind 9.18.19, if used as resolver,
> does enough validation to shield exim instances from CVE-2023-42119 ?
>
> As details and reproducers for the CVE are not available, this is a
> more general question. Pointers on where I can read more about it
> are highly appreciated!
>
> There are probably two aspects to validation:
> - Validating DNSSEC (the more common use case of validation)
> - Validating DNS request/replies in general (bailiwick, cache polution etc).
>
> [1] https://lists.exim.org/lurker/message/20231001.165119.aa8c29f9.en.html
> [2] https://www.zerodayinitiative.com/advisories/ZDI-23-1473/
It's impossible to judge from the (lack of) details provided. Sorry!
--
Petr Špaček
Internet Systems Consortium
More information about the bind-users
mailing list