7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
34.0%
A vulnerability in ISC BIND could allow a remote attacker to cause a denial of service (CVE-2022-3094, CVE-2022-3736, CVE-2022-3924). AIX uses ISC BIND as part of its DNS functions.
CVEID:CVE-2022-3094
**DESCRIPTION:**ISC BIND is vulnerable to a denial of service, caused by the allocation of memory prior to the checking of access permissions (ACLs). By sending an UPDATE message flood, a remote attacker could exploit this vulnerability to cause named to exhaust all available memory.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245430 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2022-3736
**DESCRIPTION:**ISC BIND is vulnerable to a denial of service, caused by a flaw in the implementation of the stale-answer-client-timeout option. By sending RRSIG queries to the resolver, a remote attacker could exploit this vulnerability to cause named to crash when stale cache and stale answers are enabled.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245431 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2022-3924
**DESCRIPTION:**ISC BIND is vulnerable to a denial of service, caused by a flaw in the implementation of the stale-answer-client-timeout option. By sending specific queries to the resolver, a remote attacker could exploit this vulnerability to cause named to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245432 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
AIX | 7.2 |
AIX | 7.3 |
VIOS | 3.1 |
The following fileset levels are vulnerable:
Fileset | Lower Level | Upper Level |
---|---|---|
bind.rte | 7.1.916.0 | 7.1.916.2601 |
To find out whether the affected filesets are installed on your systems, refer to the lslpp command found in AIX user’s guide.
Example: lslpp -L | grep -i bind.rte
FIXES
IBM strongly recommends addressing the vulnerability now.
AIX and VIOS fixes are available. The fixes are cumulative and address previously issued AIX/VIOS BIND security bulletins with respect to SP and TL.
The AIX and VIOS fixes can be downloaded via https from:
<https://www.ibm.com/resources/mrs/assets?source=aixbp>
IMPORTANT: If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.
Note that all the previously reported security vulnerability fixes are also included in above mentioned fileset level. Please refer to the readme file (provided along with the fileset) for the complete list of vulnerabilities fixed.
To preview the fix installation:
installp -apYd . bind.rte
To install the fix package:
installp -aXYd . bind.rte
To verify the advisory:
openssl dgst -sha256 -verify [pubkey_file] -signature [advisory_file].sig [advisory_file]
openssl dgst -sha256 -verify [pubkey_file] -signature [ifix_file].sig [ifix_file]
Published advisory OpenSSL signature file location:
<https://aix.software.ibm.com/aix/efixes/security/bind_advisory23.asc.sig>
None
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
34.0%