Vulnerability Note VU#725188
ISC BIND 9 vulnerable to denial of service via dynamic update request
Overview
ISC BIND 9 contains a vulnerability that may allow a remote, unauthenticated attacker to create a denial-of-service condition.
I. Description
The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC). It includes support for dynamic DNS updates as specified in IETF RFC 2136. BIND 9 can crash when processing a specially-crafted dynamic update packet.
ISC notes that this vulnerability affects all servers that are masters for one or more zones and is not limited to those that are configured to allow dynamic updates. ISC also indicates that the attack packet has to be constructed for a zone for which the target system is configured as a master; launching the attack against slave zones does not trigger the vulnerability.
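The advisory's point that only zones the server masters are exposed suggests a simple triage rule for defenders. The following Python helper is an added example, not code from the advisory or from ISC: it parses the DNS header and zone section of a message and flags UPDATE requests (opcode 5, RFC 2136) that name a master zone and come from a source not on that zone's allowed-updater list. The zone names, addresses, policy tables and the packet builder are constructed for illustration.

```python
import struct

# Opcode 5 marks a DNS UPDATE message (RFC 2136); it sits in bits 11-14 of the flags word.
OPCODE_UPDATE = 5

def parse_name(data, offset):
    """Decode an uncompressed DNS name at offset; return (name, offset after it).
    Compression pointers are not expected in the zone section of an UPDATE."""
    labels = []
    while True:
        length = data[offset]
        if length & 0xC0:
            raise ValueError("compression pointer in zone name is unexpected")
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels).lower(), offset

def parse_update_zone(packet):
    """Return (opcode, zone). zone is None unless the message is an UPDATE
    whose zone section carries exactly one entry, as RFC 2136 requires."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, zocount, _pr, _up, _ad = struct.unpack("!HHHHHH", packet[:12])
    opcode = (flags >> 11) & 0xF
    if opcode != OPCODE_UPDATE or zocount != 1:
        return opcode, None
    zone, _ = parse_name(packet, 12)
    return opcode, zone

def flag_update(packet, src_ip, master_zones, allowed_updaters):
    """Triage rule: True when an UPDATE names a zone this server is master for
    and the sender is not on that zone's allowed-updater list (hypothetical policy)."""
    opcode, zone = parse_update_zone(packet)
    if zone is None:
        return False
    return zone in master_zones and src_ip not in allowed_updaters.get(zone, set())

def build_update(zone):
    """Constructed sample: a minimal, benign UPDATE with an empty update section."""
    header = struct.pack("!HHHHHH", 0x1234, OPCODE_UPDATE << 11, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in zone.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 6, 1)  # ZTYPE SOA, ZCLASS IN
```

Feeding captured UDP/TCP DNS payloads through flag_update gives a quick view of which hosts are sending updates to master zones while the upgrade is rolled out.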
II. Impact
By sending a specially-crafted dynamic update packet to a BIND 9 server, a remote, unauthenticated attacker can cause a denial of service by causing BIND to crash.
III. Solution
Apply an update
Users who obtain BIND from a third-party vendor, such as their operating system vendor, should see the systems affected portion of this document for a partial list of affected vendors.
This vulnerability is addressed in ISC BIND versions 9.4.3-P3, 9.5.1-P3, and 9.6.1-P1. Users of BIND from the original source distribution should upgrade to one of these versions, as appropriate.
See also https://www.isc.org/node/474.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Alcatel-Lucent | Unknown | 2009-07-28 | 2009-07-28 |
| Apple Inc. | Vulnerable | 2009-07-28 | 2009-08-17 |
| BlueCat Networks, Inc. | Vulnerable | 2009-07-28 | 2009-07-30 |
| Check Point Software Technologies | Unknown | 2009-07-28 | 2009-07-28 |
| Conectiva Inc. | Unknown | 2009-07-28 | 2009-07-28 |
| Cray Inc. | Unknown | 2009-07-28 | 2009-07-28 |
| Debian GNU/Linux | Vulnerable | 2009-07-28 | 2009-08-03 |
| DragonFly BSD Project | Unknown | 2009-07-28 | 2009-07-28 |
| EMC Corporation | Unknown | 2009-07-28 | 2009-07-28 |
| Engarde Secure Linux | Unknown | 2009-07-28 | 2009-07-28 |
| Ericsson | Unknown | 2009-07-28 | 2009-07-28 |
| F5 Networks, Inc. | Vulnerable | 2009-07-28 | 2009-07-31 |
| Fedora Project | Unknown | 2009-07-28 | 2009-07-28 |
| FreeBSD, Inc. | Vulnerable | 2009-07-28 | 2009-07-30 |
| Fujitsu | Unknown | 2009-07-28 | 2009-07-28 |
| Gentoo Linux | Unknown | 2009-07-28 | 2009-07-28 |
| Gnu ADNS | Unknown | 2009-07-28 | 2009-07-28 |
| GNU glibc | Unknown | 2009-07-28 | 2009-07-28 |
| Hewlett-Packard Company | Vulnerable | 2009-07-28 | 2009-08-26 |
| Hitachi | Unknown | 2009-07-28 | 2009-07-28 |
| IBM Corporation | Unknown | 2009-07-28 | 2009-07-28 |
| IBM eServer | Unknown | 2009-07-28 | 2009-07-28 |
| Infoblox | Vulnerable | 2009-07-28 | 2009-07-30 |
| Internet Systems Consortium | Vulnerable | 2009-07-28 | 2009-07-28 |
| Juniper Networks, Inc. | Unknown | 2009-07-28 | 2009-07-28 |
| Mandriva S. A. | Unknown | 2009-07-28 | 2009-07-28 |
| McAfee | Unknown | 2009-07-28 | 2009-07-28 |
| Men & Mice | Unknown | 2009-07-28 | 2009-07-28 |
| Metasolv Software, Inc. | Unknown | 2009-07-28 | 2009-07-28 |
| Microsoft Corporation | Unknown | 2009-08-03 | 2009-08-03 |
| MontaVista Software, Inc. | Unknown | 2009-07-28 | 2009-07-28 |
| NEC Corporation | Unknown | 2009-07-28 | 2009-07-28 |
| NetBSD | Unknown | 2009-07-28 | 2009-07-28 |
| Nixu | Vulnerable | 2009-07-28 | 2009-07-30 |
| Nokia | Unknown | 2009-07-28 | 2009-07-28 |
| Nominum | Not Vulnerable | 2009-07-28 | 2009-07-30 |
| Nortel Networks, Inc. | Unknown | 2009-07-28 | 2009-07-28 |
| Novell, Inc. | Unknown | 2009-07-28 | 2009-07-28 |
| OpenBSD | Vulnerable | 2009-07-28 | 2009-07-30 |
| Openwall GNU/*/Linux | Unknown | 2009-07-28 | 2009-07-28 |
| QNX, Software Systems, Inc. | Unknown | 2009-07-28 | 2009-07-28 |
| Red Hat, Inc. | Vulnerable | 2009-07-28 | 2009-07-30 |
| SafeNet | Unknown | 2009-07-28 | 2009-07-28 |
| Shadowsupport | Unknown | 2009-07-28 | 2009-07-28 |
| Silicon Graphics, Inc. | Unknown | 2009-07-28 | 2009-07-28 |
| Slackware Linux Inc. | Unknown | 2009-07-28 | 2009-07-28 |
| Sony Corporation | Unknown | 2009-07-28 | 2009-07-28 |
| Sun Microsystems, Inc. | Vulnerable | 2009-07-28 | 2009-07-30 |
| SUSE Linux | Vulnerable | 2009-07-28 | 2009-07-31 |
| The SCO Group | Unknown | 2009-07-28 | 2009-07-28 |
| Turbolinux | Unknown | 2009-07-28 | 2009-07-28 |
| Ubuntu | Vulnerable | 2009-07-28 | 2009-07-29 |
| Unisys | Unknown | 2009-07-28 | 2009-07-28 |
| Wind River Systems, Inc. | Unknown | 2009-07-28 | 2009-07-28 |
References
https://www.isc.org/node/474
http://tools.ietf.org/html/rfc2136
http://oldwww.isc.org/sw/bind/view?release=9.4.3-P3&noframes=1
http://oldwww.isc.org/sw/bind/view?release=9.5.1-P3&noframes=1
http://oldwww.isc.org/sw/bind/view?release=9.6.1-P1&noframes=1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975
Credit
Thanks to ISC for reporting this vulnerability.
This document was written by Will Dormann and Chad Dougherty.
Other Information
| Date Public | 07/28/2009 |
| Date First Published | 07/28/2009 03:01:33 PM |
| Date Last Updated | 08/27/2009 |
| CERT Advisory | |
| CVE Name | CVE-2009-0696 |
| Metric | 26.32 |
| Document Revision | 32 |
If you have feedback, comments, or additional information about this vulnerability, please send us email.