SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#229595

Overly large OPT record assertion

Overview

A remotely exploitable denial-of-service vulnerability exists in BIND. Based on recent reports, we believe this vulnerability is being actively exploited.

I. Description

A remotely exploitable denial-of-service vulnerability exists in BIND 8.3.0 - 8.3.3. ISC's description of this vulnerability states:

    When constucting [sic] a response a NXDOMAIN response to a ENDS query with a large UDP size it is possible to trigger an assertion.

II. Impact

The BIND daemon will shut down. As a result, clients will not be able to connect to the service to resolve queries.

III. Solution

Apply a patch from your vendor. In the absence of a patch, you may wish to consider ISC's recommendation, which is upgrading to "BIND 4.9.11, BIND 8.2.7, BIND 8.3.4 or preferably BIND 9." Additionally, ISC indicates, "BIND 4 is officially deprecated. Only security fixes will be issued for BIND 4."

Disable recursion if possible.

Systems Affected

VendorStatusDate Updated
3ComUnknown12-Nov-2002
AdnsUnknown12-Nov-2002
AksUnknown12-Nov-2002
AlcatelUnknown25-Feb-2003
Apache Software FoundationUnknown12-Nov-2002
Apple Computer Inc.Vulnerable26-Feb-2003
AT&TUnknown12-Nov-2002
AvayaUnknown12-Nov-2002
BlueCat NetworksUnknown12-Nov-2002
BSDiUnknown12-Nov-2002
Check PointUnknown12-Nov-2002
Cisco Systems Inc.Unknown12-Nov-2002
CistronUnknown12-Nov-2002
Command SoftwareUnknown12-Nov-2002
Compaq Computer CorporationUnknown12-Nov-2002
Computer AssociatesUnknown12-Nov-2002
ConectivaUnknown12-Nov-2002
CovalentUnknown12-Nov-2002
Cray Inc.Unknown12-Nov-2002
CyberSoftUnknown12-Nov-2002
D-Link SystemsUnknown12-Nov-2002
Data FellowsUnknown12-Nov-2002
Data GeneralUnknown12-Nov-2002
Data GeneralUnknown12-Nov-2002
DebianUnknown12-Nov-2002
DjbdnsUnknown12-Nov-2002
EngardeUnknown12-Nov-2002
F-SecureUnknown12-Nov-2002
F5 NetworksUnknown12-Nov-2002
Finjan SoftwareUnknown12-Nov-2002
FreeBSDUnknown12-Nov-2002
FreeRADIUSUnknown12-Nov-2002
FujitsuUnknown12-Nov-2002
Funk SoftwareUnknown12-Nov-2002
GFI SoftwareUnknown12-Nov-2002
GNU glibcUnknown12-Nov-2002
Heimdal Kerberos ProjectUnknown12-Nov-2002
Hewlett-Packard CompanyVulnerable24-Feb-2003
IBMVulnerable9-Dec-2002
InfoBloxUnknown12-Nov-2002
IntelUnknown12-Nov-2002
Interlink NetworksUnknown12-Nov-2002
InterSoft International Inc.Unknown12-Nov-2002
iPlanetUnknown12-Nov-2002
Juniper NetworksUnknown12-Nov-2002
KTH KerberosUnknown12-Nov-2002
LachmanUnknown12-Nov-2002
Lotus SoftwareUnknown12-Nov-2002
Lucent TechnologiesUnknown12-Nov-2002
Macromedia Inc.Unknown12-Nov-2002
MadgoatUnknown12-Nov-2002
MandrakeSoftUnknown12-Nov-2002
Men&MiceUnknown12-Nov-2002
MetaSolv Software Inc.Unknown12-Nov-2002
Microsoft CorporationUnknown12-Nov-2002
MIT Kerberos Development TeamUnknown12-Nov-2002
MontaVista SoftwareNot Vulnerable12-Nov-2002
MultinetUnknown12-Nov-2002
NCFTP SoftwareUnknown12-Nov-2002
NCSAUnknown12-Nov-2002
NEC CorporationUnknown12-Nov-2002
NET-SNMPUnknown12-Nov-2002
NetBSDUnknown12-Nov-2002
Network ApplianceUnknown12-Nov-2002
NeXTUnknown12-Nov-2002
NixuUnknown12-Nov-2002
NokiaUnknown12-Nov-2002
NominumNot Vulnerable13-Nov-2002
Nortel NetworksUnknown12-Nov-2002
Open GroupUnknown12-Nov-2002
OpenBSDUnknown12-Nov-2002
OpenSSHUnknown12-Nov-2002
Openwall GNU/*/LinuxUnknown12-Nov-2002
Oracle CorporationUnknown12-Nov-2002
PuttyUnknown12-Nov-2002
RADIUSClientUnknown12-Nov-2002
Red Hat Inc.Vulnerable12-Nov-2002
Riverstone NetworksUnknown12-Nov-2002
RSA SecurityUnknown12-Nov-2002
SendmailUnknown12-Nov-2002
SequentUnknown12-Nov-2002
SequentUnknown12-Nov-2002
SGIUnknown12-Nov-2002
ShadowSupportUnknown12-Nov-2002
Sony CorporationUnknown12-Nov-2002
SophosUnknown12-Nov-2002
Sun Microsystems Inc.Unknown12-Nov-2002
SuSE Inc.Unknown12-Nov-2002
Symantec CorporationUnknown1-Apr-2003
The OpenPKG ProjectVulnerable19-Nov-2002
The SCO Group (SCO Linux)Unknown12-Nov-2002
Threshold NetworksUnknown12-Nov-2002
Trend MicroUnknown12-Nov-2002
TrustixVulnerable18-Nov-2002
UnisysUnknown12-Nov-2002
Wind River Systems Inc.Unknown12-Nov-2002
WirexUnknown12-Nov-2002
Xerox CorporationNot Vulnerable30-May-2003
Xi GraphicsUnknown12-Nov-2002
XTRADIUSUnknown12-Nov-2002
YARD RADIUSUnknown12-Nov-2002

References


http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
http://www.isc.org/products/BIND/bind-security.html
http://www.ciac.org/ciac/bulletins/n-013.shtml

Credit

Internet Security Systems is credited for discovering this vulnerability.

This document was written by Ian A Finlay.

Other Information

Date Public11/12/2002
Date First Published11/13/2002 03:53:50 PM
Date Last Updated05/30/2003
CERT AdvisoryCA-2002-31
CVE NameCAN-2002-1220
US-CERT Technical Alerts 
Metric33.05
Document Revision26

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2002 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader