Oct 12, 2022•Knowledge
Summary
Processing large delegations may severely degrade resolver performance.
Overview
On September 21, 2022, ISC announced a new vulnerability, CVE-2022-2795.
A flaw in resolver code can cause named to spend excessive amounts of time processing large delegations.
Program impacted: BIND
Severity: Medium
Exploitable: Remotely
CVSS Score: 5.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Versions
BloxOne and NIOS are vulnerable to CVE-2022-2795.
Impact
By flooding the target resolver with queries exploiting this flaw, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
Workaround
No workaround is available for Infoblox BloxOne and NIOS products.
Resolution
Infoblox suggests one of the following options to resolve this:
- NIOS
  - Apply the NIOS version-specific Hotfix (8.2.6 CC, 8.5.2, 8.5.2 CC, 8.5.3, 8.5.4, 8.5.5, 8.6.1, 8.6.2). All related files are attached to this case; however, we recommend downloading only the Hotfix Release Form, Hotfix, and Revert Hotfix specific to your NIOS version.
  - These CVEs will be patched in future NIOS release 8.6.3.
- BloxOne
  - Infoblox will be delivering a patch to fix this issue on September 24, 2022.
  - NOTE: You do have the option to defer this update to a time of your choosing to minimize any business impact this interruption may have.
Additional Notes
- The 8.5.2 CC Hotfix can be used for environments running 8.5.2 without CC mode.
- The Hotfix files in this KB resolve the CVE in this article as well as the issues identified in CVE-2022-38177 and CVE-2022-38178.
NIOS Version-Specific Hotfix Files (attached to this KB)

8.2.6 CC

| File | File Name |
| --- | --- |
| Hotfix Release Form | 8.2.6_CC_Hotfix_Release_Form_NIOS-87294.pdf |
| Hotfix | Hotfix-8-2-6-NIOS-87294-APPLY-d81d2ad229cb308e03f94ca4e370ce8e-Thu-Sep-15-02-27-21-2022.bin2 |
| Hotfix Revert | Hotfix-8-2-6-NIOS-87294-REVERT-3a92b7e88264e6f79dcae897c5145759-Thu-Sep-15-02-27-49-2022.bin2 |

8.5.2

| File | File Name |
| --- | --- |
| Hotfix Release Form | 8.5.2_Hotfix_Release_Form_NIOS-87227.pdf |
| Hotfix | Hotfix-NIOS-8.5.2-409296-J87227-APPLY-09c8adf65d70c79123b7d89d3139fb22-Wed-Sep-14-01-23-59-2022.bin2 |
| Hotfix Revert | Hotfix-NIOS-8.5.2-409296-J87227-REVERT-011ce931a2ce11878b76d95cecedcdf7-Wed-Sep-14-01-29-01-2022.bin2 |

8.5.3

| File | File Name |
| --- | --- |
| Hotfix Release Form | 8.5.3_Hotfix_Release_Form_NIOS-87229.pdf |
| Hotfix | Hotfix-NIOS-8.5.3-417434-J87229-APPLY-c92e7430006bf2eb072feb066e34d032-Tue-Sep-13-21-31-16-2022.bin |
| Hotfix Revert | Hotfix-NIOS-8.5.3-417434-J87229-REVERT-56b193220a8c456f1aa7e62981fa513b-Tue-Sep-13-21-57-12-2022.bin |

8.5.4

| File | File Name |
| --- | --- |
| Hotfix Release Form | 8.5.4_Hotfix_Release_Form_NIOS-87230.pdf |
| Hotfix | Hotfix-8-5-4-NIOS-87230-APPLY-eca36bcb9a2b63834734afd4d307187b-Tue-Sep-13-23-59-15-2022.bin |
| Hotfix Revert | Hotfix-8-5-4-NIOS-87230-REVERT-bcd228b43dce5f95b69804ea940ef69d-Wed-Sep-14-20-19-53-2022.bin |

8.5.5

| File | File Name |
| --- | --- |
| Hotfix Release Form | 8.5.5_Hotfix_Release_Form_NIOS-87231.pdf |
| Hotfix | Hotfix-8-5-5-NIOS-87231-APPLY-28c27130f7e376a32e3d15d406f8bc62-Wed-Sep-14-00-07-11-2022.bin |
| Hotfix Revert | Hotfix-8-5-5-NIOS-87231-REVERT-8f70b7a51004d16a5676e960d94d5908-Wed-Sep-14-00-09-07-2022.bin |

8.6.1

The 8.6.1 Hotfix has been updated.

| File | File Name |
| --- | --- |
| Hotfix Release Form | 8.6.1_Hotfix_Release_Form_NIOS-87709.pdf |
| Hotfix | Hotfix-8-6-1-NIOS-87709-APPLY-49ddec3b0d18db825767bf0611c40c11-Mon-Oct-10-20-49-25-2022.bin2 |
| Hotfix Revert | Hotfix-8-6-1-NIOS-87709-REVERT-2e0789123c2f35948f1ee142471ccf4f-Mon-Oct-10-20-48-42-2022.bin2 |

8.6.2

| File | File Name |
| --- | --- |
| Hotfix Release Form | 8.6.2_Hotfix_Release_Form_NIOS-87233.pdf |
| Hotfix | Hotfix-8-6-2-NIOS-87233-APPLY-5e10eb8f97078454fc0c50c37b6f755d-Wed-Sep-14-00-14-44-2022.bin |
| Hotfix Revert | Hotfix-8-6-2-NIOS-87233-REVERT-ad3836d27332dc176a042d4ca26261f6-Wed-Sep-14-00-14-04-2022.bin |