Created
September 18, 2024 02:02
Information for CVE-2023-28451, CVE-2023-28457, CVE-2023-28455, CVE-2023-28456, CVE-2023-49203
CVE-2023-28451
> [Suggested description]
> An issue was discovered in Technitium 11.0.2.
> There is a vulnerability (called TuDoor Attack for DoS) in DNS resolving software,
> which triggers a resolver to ignore valid responses, thus causing DoS
> (denial of service) for normal resolution. The effects of an exploit
> would be widespread and highly impactful, because the attacker could just
> forge a response targeting the source port of a vulnerable resolver
> without the need to guess the correct TXID.
>
> ------------------------------------------
>
> [Additional Information]
> Technitium is an individual vendor.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> DoS
>
> ------------------------------------------
>
> [Vendor of Product]
> Technitium
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Technitium - 11.0.2
>
> ------------------------------------------
>
> [Affected Component]
> Technitium with the latest version
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Attackers inject a malformed response to the correct source port by brute-forcing and without the need of guessing the correct txid.
>
> ------------------------------------------
>
> [Reference]
> https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md
> Please search: Fixed DoS vulnerability reported by Xiang Li, Network and Information Security Lab, Tsinghua University that an attacker can use to send bad-formatted UDP packet to cause the outbound requests to fail to resolve due to insufficient validation.
> https://www.computer.org/csdl/proceedings-article/sp/2024/313000a181/1V28Z5fBEVG
>
> ------------------------------------------
>
> [Discoverer]
> Xiang Li from NISL Lab of Tsinghua University
CVE-2023-28457
> [Suggested description]
> An issue was discovered in Technitium through 11.0.3.
> It enables attackers to
> conduct a DNS cache poisoning attack (TuDoor Attack for cache poisoning) and inject fake responses within
> 1 second, which is impactful.
>
> ------------------------------------------
>
> [Additional Information]
> Technitium is an individual vendor.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> CAPEC-142: DNS Cache Poisoning
>
> ------------------------------------------
>
> [Vendor of Product]
> Technitium
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Technitium DNS Server - <=11.0.3
>
> ------------------------------------------
>
> [Affected Component]
> Technitium DNS server with the latest version
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [CVE Impact Other]
> DNS cache poisoning
>
> ------------------------------------------
>
> [Attack Vectors]
> Attackers send a query to Technitium and inject fake DNS responses to poison the Technitium DNS server.
>
> ------------------------------------------
>
> [Reference]
> https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md
> Please search: Fixed issue reported by Xiang Li, Network and Information Security Lab, Tsinghua University that made the DNS server vulnerable to cache poisoning on Windows platform due to non-random UDP ports for outbound requests.
> https://www.computer.org/csdl/proceedings-article/sp/2024/313000a181/1V28Z5fBEVG
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> Xiang Li from NISL Lab of Tsinghua University
CVE-2023-28455
> [Suggested description]
> An issue was discovered in Technitium through 11.0.2.
> The forwarding mode
> enables attackers to create a query loop using Technitium resolvers,
> launching amplification attacks (TsuKing Attack) and causing potential DoS.
>
> ------------------------------------------
>
> [Additional Information]
> Technitium is an individual vendor.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> DoS
>
> ------------------------------------------
>
> [Vendor of Product]
> Technitium
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Technitium - <=11.0.2
>
> ------------------------------------------
>
> [Affected Component]
> Technitium with the latest version
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Attackers send a query to Unbound (under forwarding mode) and return a crafted response to it by pointing the next server to itself or other Unbound resolver.
>
> ------------------------------------------
>
> [Reference]
> https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md
> Please search: Fixed issue reported by Xiang Li, Network and Information Security Lab, Tsinghua University that caused conditional forwarder to not honoring RD flag in requests.
> https://dl.acm.org/doi/10.1145/3576915.3616668
>
> ------------------------------------------
>
> [Discoverer]
> Xiang Li from NISL Lab of Tsinghua University
CVE-2023-28456
> [Suggested description]
> An issue that supports a default response packet size of more than 4,096 bytes was discovered in Technitium through 11.0.2.
> It enables attackers to launch
> amplification attacks (3 times more than other "golden model" software
> like BIND) and cause potential DoS.
>
> ------------------------------------------
>
> [Additional Information]
> Technitium is an individual vendor.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> DoS
>
> ------------------------------------------
>
> [Vendor of Product]
> Technitium
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Technitium - <=11.0.2
>
> ------------------------------------------
>
> [Affected Component]
> Technitium with the latest version
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Attackers send a query to Technitium and return a crafted large response.
>
> ------------------------------------------
>
> [Reference]
> https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md
> Please search: Fixed issue reported by Xiang Li, Network and Information Security Lab, Tsinghua University that made amplification attacks more effective due to max 4096 bytes limit for responses. reported by Xiang Li, Network and Information Security Lab, Tsinghua University by updating the default configured values for the DNS server which mitigates the impact.
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> Xiang Li from NISL Lab of Tsinghua University
CVE-2023-49203
> [Suggested description]
> Technitium 11.5.3
> allows remote attackers to cause a denial of service (bandwidth
> amplification) because the DNSBomb manipulation causes accumulation of
> low-rate DNS queries such that there is a large-sized response in a
> burst of traffic.
>
> ------------------------------------------
>
> [Additional Information]
> Technitium is an individual vendor.
>
> We found a new DNS vulnerability that can be exploited to perform a new
> pulsing DoS attack, named the DNSBomb attack. DNSBomb exploits multiple
> widely-implemented DNS mechanisms to accumulate DNS queries that are
> sent at a low rate, amplify queries into large-sized responses, and
> concentrate all DNS responses into a short, high-volume periodic
> pulsing burst to simultaneously overwhelm target systems. The effects
> of an exploit would be widespread and highly impactful, as our
> small-scale experiments show that the peak pulse magnitude can approach
> 8.7Gb/s and the bandwidth amplification factor can exceed 20,000x.
> Besides, DNSBomb conforms to de facto DNS specifications and best
> practices and exploits current mitigation patches of "birthday
> paradox"-based DNS cache poisoning attacks.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> DoS
>
> ------------------------------------------
>
> [Vendor of Product]
> Technitium
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Technitium - latest version
>
> ------------------------------------------
>
> [Affected Component]
> Technitium with the latest version
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Attackers exploit multiple widely-implemented DNS mechanisms to accumulate DNS queries that are sent at a low rate, amplify queries into large-sized responses, and concentrate all DNS responses into a short, high-volume periodic pulsing burst to simultaneously overwhelm target systems.
>
> ------------------------------------------
>
> [Reference]
> https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md
> Please search: Fixed issue reported by Xiang Li, Network and Information Security Lab, Tsinghua University that made amplification attacks more effective due to max 4096 bytes limit for responses. reported by Xiang Li, Network and Information Security Lab, Tsinghua University by updating the default configured values for the DNS server which mitigates the impact.
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> Xiang Li from NISL Lab of Tsinghua University