
The Internet Systems Consortium (ISC) has released security updates for its Berkeley Internet Name Domain (BIND) software, fixing vulnerabilities that, if exploited, could cause a denial-of-service condition.

The first issue, the high-severity CVE-2018-5743, is a flaw in the limit on the number of TCP clients that can be connected at any given time. The number of TCP connections allowed is configurable and, if unset, defaults to a conservative value for the server. However, the code that was intended to limit the number of simultaneous connections contains an error that can be exploited to grow the number of simultaneous connections beyond this limit, creating a DoS condition.
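A defender can check whether a name server is holding more simultaneous TCP clients than its configured limit by counting established connections on the DNS port. The sketch below is an added example, not code from ISC or the original article; it assumes `ss -Htn`-style input, a `limit` value supplied by the operator to match their own configuration, and uses constructed sample data.

```python
from collections import Counter

# Constructed sample of `ss -Htn` output (no header); documentation addresses only.
SAMPLE_SS = """\
ESTAB 0 0 192.0.2.10:53 198.51.100.7:40112
ESTAB 0 0 192.0.2.10:53 198.51.100.7:40113
ESTAB 0 0 192.0.2.10:53 198.51.100.7:40114
ESTAB 0 0 [2001:db8::10]:53 [2001:db8::99]:51000
ESTAB 0 0 192.0.2.10:22 203.0.113.5:60022
TIME-WAIT 0 0 192.0.2.10:53 198.51.100.8:40200
LISTEN 0 10 192.0.2.10:53 0.0.0.0:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port


def dns_tcp_clients(ss_output, port=53):
    """Count established TCP connections to the local DNS port, per peer."""
    peers = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        # Only fully established sessions count as connected clients.
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue
        _, local_port = split_endpoint(fields[3])
        if local_port == str(port):
            peer_addr, _ = split_endpoint(fields[4])
            peers[peer_addr] += 1
    return peers


def check_limit(ss_output, limit, port=53):
    """Compare observed client count with the operator's configured limit."""
    peers = dns_tcp_clients(ss_output, port)
    total = sum(peers.values())
    return {
        "total": total,
        "limit": limit,
        "exceeded": total > limit,
        "top_peers": peers.most_common(3),  # heaviest sources first
    }


if __name__ == "__main__":
    # limit=3 is an illustrative value chosen to trip on the sample data.
    print(check_limit(SAMPLE_SS, limit=3))
```

A count that stays above the configured limit on a patched server, or that climbs well past it on an unpatched one, is the signal to investigate the listed peers.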

The link for this article located at SC Magazine is no longer available.