On 02. 10. 23 11:06, Kurt Jaeger wrote:
Hi!
In the light of the recent exim security issues[1,2]
I'm trying to find out if bind 9.18.19, if used as resolver,
does enough validation to shield exim instances from CVE-2023-42119 ?
As details and reproducers for the CVE are not available, this is a
more general question. Pointers on where I can read more about it
are highly appreciated!
There are probably two aspects to validation:
- Validating DNSSEC (the more common use case of validation)
- Validating DNS request/replies in general (bailiwick, cache polution etc).
[1] https://lists.exim.org/lurker/message/20231001.165119.aa8c29f9.en.html
[2] https://www.zerodayinitiative.com/advisories/ZDI-23-1473/
It's impossible to judge from the (lack of) details provided. Sorry!
--
Petr Špaček
Internet Systems Consortium
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
