Vulnerability Note VU#229595
Overly large OPT record assertion
A remotely exploitable denial-of-service vulnerability exists in BIND. Based on recent reports, we believe this vulnerability is being actively exploited.
A remotely exploitable denial-of-service vulnerability exists in BIND 8.3.0 - 8.3.3. ISC's description of this vulnerability states:
When constucting [sic] a response a NXDOMAIN response to a ENDS query with a large UDP size it is possible to trigger an assertion.
The BIND daemon will shut down. As a result, clients will not be able to connect to the service to resolve queries.
Apply a patch from your vendor. In the absence of a patch, you may wish to consider ISC's recommendation, which is upgrading to "BIND 4.9.11, BIND 8.2.7, BIND 8.3.4 or preferably BIND 9." Additionally, ISC indicates, "BIND 4 is officially deprecated. Only security fixes will be issued for BIND 4."
Disable recursion if possible.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer Inc.||Affected||12 Nov 2002||26 Feb 2003|
|Hewlett-Packard Company||Affected||12 Nov 2002||24 Feb 2003|
|IBM||Affected||12 Nov 2002||09 Dec 2002|
|Red Hat Inc.||Affected||12 Nov 2002||12 Nov 2002|
|The OpenPKG Project||Affected||-||19 Nov 2002|
|Trustix||Affected||-||18 Nov 2002|
|MontaVista Software||Not Affected||12 Nov 2002||12 Nov 2002|
|Nominum||Not Affected||-||13 Nov 2002|
|Xerox Corporation||Not Affected||12 Nov 2002||30 May 2003|
|3Com||Unknown||12 Nov 2002||12 Nov 2002|
|Adns||Unknown||12 Nov 2002||12 Nov 2002|
|Aks||Unknown||12 Nov 2002||12 Nov 2002|
|Alcatel||Unknown||12 Nov 2002||25 Feb 2003|
|Apache Software Foundation||Unknown||12 Nov 2002||12 Nov 2002|
|AT&T||Unknown||12 Nov 2002||12 Nov 2002|
CVSS Metrics (Learn More)
Internet Security Systems is credited for discovering this vulnerability.
This document was written by Ian A Finlay.
- CVE IDs: CAN-2002-1220
- CERT Advisory: CA-2002-31
- Date Public: 12 Nov 2002
- Date First Published: 13 Nov 2002
- Date Last Updated: 30 May 2003
- Severity Metric: 33.05
- Document Revision: 26
If you have feedback, comments, or additional information about this vulnerability, please send us email.