SSO Login is being implemented on this site. Existing users: Your existing password must be reset the first time you login using SSO. Click here to reset your password first before login. Your new username will be your email.

Trending KB Articles

infobloxblog.jpeg

Infoblox NIOS and BloxOne products are not vulnerable to CVE-2022-0635

Mar 16, 2022Knowledge
 

Summary 

Infoblox NIOS and BloxOne products are not vulnerable to CVE-2022-0635.

 

Overview

On March 16th, 2022 ISC announced a new vulnerability, CVE-2022-0635.


This issue causes named to terminate unexpectedly. Although the crash cannot be triggered with a single query, repeated patterns of specific queries will reliably cause named to terminate.

 

BIND 9.18.0 is confirmed to be vulnerable. This defect is unlikely to affect any other BIND version.

 

If running BIND 9.18.0, this failure can be avoided by disabling the `synth-from-dnssec` option within named.conf (syntax below):


synth-from-dnssec no;


For context, the `synth-from-dnssec` option enables support for RFC 8198, Aggressive Use of DNSSEC-Validated Cache. It allows the resolver to send a smaller number of queries when resolving queries for DNSSEC-signed domains by synthesizing answers from cached NSEC and other RRsets that have been proved to be correct using DNSSEC.
 

Program impacted: BIND

 

Severity: High

 

Exploitable: Remotely

 

CVSS Score: 7.0

 

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RLSmiley Surprised/RC:

 

Affected Versions

NIOS and BloxOne Products are not vulnerable to this issue as they do not run the affected 9.18.0 BIND release.


Impact

There is no impact to Infoblox NIOS or BloxOne products


Workaround

No workaround necessary


Resolution

No actions needed

Showing results for 
Search instead for 
Did you mean: