
Infoblox NIOS and BloxOne Products are not vulnerable to CVE-2022-0667

Mar 16, 2022 | Knowledge
 

Summary:

On March 16th, 2022, ISC announced a new security issue in BIND 9.18.0, tracked as CVE-2022-0667.

 

Overview:

We refactored the RFC 8198 Aggressive Use of DNSSEC-Validated Cache feature (`synth-from-dnssec`) for the new BIND 9.18.0 stable release and changed the default so that it is now automatically enabled for dnssec-validating resolvers. Subsequently, it was found that repeated patterns of specific queries to servers with this feature enabled could cause an INSIST failure in `query.c:query_dname`, which causes `named` to terminate unexpectedly.

The vulnerability affects BIND resolvers running 9.18.0 that have both `dnssec-validation` and `synth-from-dnssec` enabled. (Note that `dnssec-validation auto;` is the default setting unless configured otherwise in `named.conf`, and that enabling `dnssec-validation` automatically enables `synth-from-dnssec` unless it is explicitly disabled.)
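The conditions above (release 9.18.0, validation on, synthesis not explicitly disabled) can be checked mechanically on a BIND resolver. The Python sketch below is an added example, not Infoblox or ISC code; the function names, the version banner and the sample configurations are constructed for illustration. It assumes it is given the complete `named.conf` text and does not model per-view overrides.

```python
import re

AFFECTED_VERSION = "9.18.0"      # the only release named in the text above
OFF = {"no", "false", "0"}       # values that disable a named.conf boolean

def strip_comments(conf):
    """Drop /* */, // and # comments so commented-out options are ignored."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def option_values(conf, name):
    """Every value assigned to `name` in any scope, lower-cased."""
    pat = rf"(?<![\w-]){re.escape(name)}\s+([\w-]+)\s*;"
    return [v.lower() for v in re.findall(pat, conf)]

def enabled_by_default(values):
    """Unset means enabled; otherwise enabled if any scope leaves it on."""
    return not values or any(v not in OFF for v in values)

def check_resolver(version_banner, named_conf):
    """Apply the three stated conditions to a banner and a configuration."""
    conf = strip_comments(named_conf)
    m = re.search(r"\b(\d+\.\d+\.\d+)", version_banner)
    version = m.group(1) if m else None
    validating = enabled_by_default(option_values(conf, "dnssec-validation"))
    synthesizing = enabled_by_default(option_values(conf, "synth-from-dnssec"))
    return {
        "version": version,
        "validating": validating,
        "synthesizing": synthesizing,
        "affected": version == AFFECTED_VERSION and validating and synthesizing,
    }

# Constructed sample inputs (not taken from any real host).
BANNER = "BIND 9.18.0 (Stable Release) <id:constructed>"
DEFAULT_CONF = 'options { directory "/var/named"; recursion yes; };'
DISABLED_CONF = """options {
    dnssec-validation auto;
    synth-from-dnssec no;   // explicitly disabled
};"""
COMMENTED_CONF = """options {
    # synth-from-dnssec no;
};"""

if __name__ == "__main__":
    for label, conf in [("defaults", DEFAULT_CONF),
                        ("synthesis disabled", DISABLED_CONF),
                        ("disable line commented out", COMMENTED_CONF)]:
        print(label, check_resolver(BANNER, conf))
```

The third sample shows the case that is easy to miss in review: a commented-out `synth-from-dnssec no;` leaves the default in force.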

 

Impact:

When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check.

CVSS Score: 7.0
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C

For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score, please visit: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/...:O.

 

 

Affected Versions

NIOS and BloxOne Products are not vulnerable to this issue as they do not run the affected 9.18.0 BIND release.
 

Impact

There is no impact to Infoblox NIOS and BloxOne products.
 

Workaround

No workaround necessary

 

Resolution

No actions needed
