{"id":1253737,"date":"2024-07-25T21:35:57","date_gmt":"2024-07-25T23:35:57","guid":{"rendered":"https:\/\/teknomers.com\/fr\/la-cisa-met-en-garde-contre-des-vulnerabilites-exploitables-dans-le-logiciel-dns-populaire-bind-9\/"},"modified":"2024-07-25T21:36:03","modified_gmt":"2024-07-25T23:36:03","slug":"la-cisa-met-en-garde-contre-des-vulnerabilites-exploitables-dans-le-logiciel-dns-populaire-bind-9","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/la-cisa-met-en-garde-contre-des-vulnerabilites-exploitables-dans-le-logiciel-dns-populaire-bind-9\/","title":{"rendered":"CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">July 25, 2024<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Newsroom<\/span><\/span><span class=\"p-tags\">DNS Security\/Vulnerability<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/07\/La-CISA-met-en-garde-contre-des-vulnerabilites-exploitables-dans.png\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (<a rel=\"nofollow noopener\" href=\"https:\/\/bind9.readthedocs.io\/en\/v9.18.28\/chapter1.html#dns-and-bind-9\" target=\"_blank\">BIND<\/a>) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition.<\/p>\n<p>&#8220;A cyber threat actor could exploit one of these vulnerabilities to cause a 
denial-of-service condition,&#8221; the U.S. Cybersecurity and Infrastructure Security Agency (CISA) <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2024\/07\/24\/isc-releases-security-advisories-bind-9\" target=\"_blank\">said<\/a> in an advisory.<\/p>\n<p>The four vulnerabilities are listed below:<\/p>\n<ul>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/kb.isc.org\/docs\/cve-2024-4076\" target=\"_blank\">CVE-2024-4076<\/a> (CVSS score: 7.5) &#8211; Due to a logic error, lookups that triggered serving stale data and required lookups in local authoritative zone data could have resulted in an assertion failure<\/li>\n<\/ul>\n<ul>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/kb.isc.org\/docs\/cve-2024-1975\" target=\"_blank\">CVE-2024-1975<\/a> (CVSS score: 7.5) &#8211; Validating DNS messages signed using the SIG(0) protocol can cause excessive CPU load, leading to a denial-of-service condition.<\/li>\n<\/ul>\n<ul>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/kb.isc.org\/docs\/cve-2024-1737\" target=\"_blank\">CVE-2024-1737<\/a> (CVSS score: 7.5) &#8211; It is possible to craft an excessively 
large number of resource record types for a given owner name, which has the effect of slowing down database processing<\/li>\n<\/ul>\n<ul>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/kb.isc.org\/docs\/cve-2024-0760\" target=\"_blank\">CVE-2024-0760<\/a> (CVSS score: 7.5) &#8211; A malicious DNS client that sent many queries over TCP but never read the responses could cause a server to respond slowly or not at all for other clients<\/li>\n<\/ul>\n<p>Successful exploitation of the aforementioned bugs could cause a named instance to terminate unexpectedly, deplete available CPU resources, slow down query processing by a factor of 100, and render the server unresponsive.<\/p>\n<p>The flaws have been addressed in BIND 9 versions 9.18.28, 9.20.0, and 9.18.28-S1, released earlier this month. There is no evidence that any of these flaws have been exploited in the wild.<\/p>\n<p>The disclosure comes a few months after the ISC fixed another flaw in BIND 9 called KeyTrap (CVE-2023-50387, CVSS score: 7.5) that could be exploited to exhaust CPU resources and stall DNS resolvers, resulting in a denial-of-service (DoS).<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2024\/07\/cisa-warns-of-exploitable.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>July 25, 2024 Newsroom DNS Security\/Vulnerability The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition. 
&#8220;A cyber threat actor could exploit one [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1253738,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[238714,200292,238582,238778,142069,4805,4168,841,4158,4165,429,133,6016,243634,525,238584,6816,200271,4955,238334,98340,440,238617,4172,4169,4166,238583,12365],"class_list":["post-1253737","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-des-hackers","tag-actualites-sur-la-cybersecurite","tag-actualites-sur-la-cybersecurite-aujourdhui","tag-actualites-sur-le-piratage-informatique","tag-bind","tag-cisa","tag-comment-pirater","tag-contre","tag-cyber-actualites","tag-cyber-attaques","tag-dans","tag-des","tag-dns","tag-exploitables","tag-garde","tag-les-nouvelles-des-hackers","tag-logiciel","tag-logiciel-malveillant-rancongiciel","tag-met","tag-mises-a-jour-cybernetiques","tag-mises-a-jour-de-cybersecurite","tag-populaire","tag-securite-de-linformation","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite-du-logiciel","tag-vulnerabilites"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1253737","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1253737"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1253737\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1253738"}],"wp:attachment":[{"href":"https:\/\/teknome
rs.com\/fr\/wp-json\/wp\/v2\/media?parent=1253737"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1253737"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1253737"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}