Bug 1228255 (CVE-2024-0760)

Summary: VUL-0: CVE-2024-0760: bind: A flood of DNS messages over TCP may make the server unstable
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Jorik Cronenberg <jorik.cronenberg>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P2 - High CC: abergmann
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/414978/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-0760:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: upstream patch

Description SMASH SMASH 2024-07-24 06:21:29 UTC 
A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack.

This issue affects BIND 9 versions:
9.18.1 -> 9.18.27 
9.19.0 -> 9.19.24
9.18.11-S1 -> 9.18.27-S1

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0760
https://seclists.org/oss-sec/2024/q3/101
https://kb.isc.org/docs/cve-2024-0760
https://kb.isc.org/docs/cve-2024-4076
https://kb.isc.org/docs/cve-2024-1975
https://kb.isc.org/docs/cve-2024-1737
https://downloads.isc.org/isc/bind9/9.18.28/patches/
https://www.cve.org/CVERecord?id=CVE-2024-0760
http://www.openwall.com/lists/oss-security/2024/07/23/1
https://bugzilla.redhat.com/show_bug.cgi?id=2298878
Comment 1 Alexander Bergmann 2024-07-24 07:02:24 UTC 
Created attachment 876219 [details]
upstream patch

It looks like all code stream >= SLE-15-SP4 are affected by this, even that bind version 9.16.x is not listed inside the security announcement.