IBM3E80AC577E55DC2BD55A816E42F9A03DEFAD8F19A4FE93C680D15A11188E4D09Security Bulletin: IBM i DNS is affected by denial of service attacks due to flaws in ISC BIND (CVE-2022-3094, CVE-2022-3736, CVE-2022-3924).
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
35.2%
Summary
The IBM i DNS Server implementation uses ISC BIND. ISC BIND is vulnerable to denial of service attacks due to allocating memory before checking access permissions and flaws in the implementation of the stale-answer-client-timeout option as described in the vulnerability details section. IBM i has addressed the applicable CVEs with a fix to IBM i DNS as described in the remediation/fixes section.
Vulnerability Details
CVEID:CVE-2022-3094
**DESCRIPTION:**ISC BIND is vulnerable to a denial of service, caused by the allocation of memory prior to the checking of access permissions (ACLs). By sending an UPDATE message flood, a remote attacker could exploit this vulnerability to cause named to exhaust all available memory.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245430 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2022-3924
**DESCRIPTION:**ISC BIND is vulnerable to a denial of service, caused by a flaw in the implementation of the stale-answer-client-timeout option. By sending specific queries to the resolver, a remote attacker could exploit this vulnerability to cause named to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245432 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2022-3736
**DESCRIPTION:**ISC BIND is vulnerable to a denial of service, caused by a flaw in the implementation of the stale-answer-client-timeout option. By sending RRSIG queries to the resolver, a remote attacker could exploit this vulnerability to cause named to crash when stale cache and stale answers are enabled.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245431 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM i | 7.5 |
| IBM i | 7.4 |
| IBM i | 7.3 |
| IBM i | 7.2 |
Remediation/Fixes
The issue can be fixed by applying a PTF to IBM i. Releases 7.5, 7.4, 7.3, and 7.2 of IBM i will be fixed.
The IBM i PTF numbers for 5770-SS1 Option 31 Domain Name System contain the fix for the vulnerabilities.
IBM i Release| 5770-SS1
Option 31
PTF Number| PTF Download Link
—|—|—
7.5| SI82623| <https://www.ibm.com/support/pages/ptf/SI82623>
7.4| SI82624| <https://www.ibm.com/support/pages/ptf/SI82624>
7.3| SI82625| <https://www.ibm.com/support/pages/ptf/SI82625>
7.2| SI82626| <https://www.ibm.com/support/pages/ptf/SI82626>
<https://www.ibm.com/support/fixcentral/>
_Important note: __IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.
_
Workarounds and Mitigations
None
Affected configurations
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
35.2%