Hi! In the light of the recent exim security issues[1,2] I'm trying to find out if bind 9.18.19, if used as resolver, does enough validation to shield exim instances from CVE-2023-42119 ?
As details and reproducers for the CVE are not available, this is a more general question. Pointers on where I can read more about it are highly appreciated! There are probably two aspects to validation: - Validating DNSSEC (the more common use case of validation) - Validating DNS request/replies in general (bailiwick, cache polution etc). [1] https://lists.exim.org/lurker/message/20231001.165119.aa8c29f9.en.html [2] https://www.zerodayinitiative.com/advisories/ZDI-23-1473/ -- p...@opsec.eu +49 171 3101372 Now what ? -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
