Vulnerability Note VU#229595

Overly large OPT record assertion

Original Release date: 13 Nov 2002 | Last revised: 30 May 2003

Overview

A remotely exploitable denial-of-service vulnerability exists in BIND. Based on recent reports, we believe this vulnerability is being actively exploited.

Description

A remotely exploitable denial-of-service vulnerability exists in BIND 8.3.0 - 8.3.3. ISC's description of this vulnerability states:

    When constucting [sic] a response a NXDOMAIN response to a ENDS query with a large UDP size it is possible to trigger an assertion.

Impact

The BIND daemon will shut down. As a result, clients will not be able to connect to the service to resolve queries.

Solution

Apply a patch from your vendor. In the absence of a patch, you may wish to consider ISC's recommendation, which is upgrading to "BIND 4.9.11, BIND 8.2.7, BIND 8.3.4 or preferably BIND 9." Additionally, ISC indicates, "BIND 4 is officially deprecated. Only security fixes will be issued for BIND 4."

Disable recursion if possible.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Apple Computer Inc.Affected12 Nov 200226 Feb 2003
Hewlett-Packard CompanyAffected12 Nov 200224 Feb 2003
IBMAffected12 Nov 200209 Dec 2002
Red Hat Inc.Affected12 Nov 200212 Nov 2002
The OpenPKG ProjectAffected-19 Nov 2002
TrustixAffected-18 Nov 2002
MontaVista SoftwareNot Affected12 Nov 200212 Nov 2002
NominumNot Affected-13 Nov 2002
Xerox CorporationNot Affected12 Nov 200230 May 2003
3ComUnknown12 Nov 200212 Nov 2002
AdnsUnknown12 Nov 200212 Nov 2002
AksUnknown12 Nov 200212 Nov 2002
AlcatelUnknown12 Nov 200225 Feb 2003
Apache Software FoundationUnknown12 Nov 200212 Nov 2002
AT&TUnknown12 Nov 200212 Nov 2002
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Internet Security Systems is credited for discovering this vulnerability.

This document was written by Ian A Finlay.

Other Information

  • CVE IDs: CAN-2002-1220
  • CERT Advisory: CA-2002-31
  • Date Public: 12 Nov 2002
  • Date First Published: 13 Nov 2002
  • Date Last Updated: 30 May 2003
  • Severity Metric: 33.05
  • Document Revision: 26

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.