SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#327633

BIND 8.4.4 and 8.4.5 vulnerable to buffer overflow in q_usedns

Overview

A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system.

I. Description

The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC). A buffer overflow error exists in the handling of the q_usedns array used by the server to track nameservers and addresses that have been queried. This vulnerability only affects BIND versions 8.4.4 and 8.4.5.

II. Impact

A remote attacker may be able to cause the name server daemon to crash, thereby causing a denial of service for DNS operations.

III. Solution

Apply a patch from the vendor

Patches have been released in response to this issue. Please see the Systems Affected section of this document.

Upgrade

Users who compile their own versions of BIND from the original ISC source code are encouraged to upgrade to BIND version 8.4.6 which includes a patch for this issue.

Workarounds

ISC recommends that users who are unable to apply the patch disable recursion and glue fetching.

Systems Affected

VendorStatusDate Updated
AdnsUnknown17-Jan-2005
Apple Computer Inc.Not Vulnerable18-Mar-2005
BlueCat NetworksUnknown17-Jan-2005
Check PointNot Vulnerable24-Jan-2005
ConectivaUnknown17-Jan-2005
Cray Inc.Unknown17-Jan-2005
DebianVulnerable25-Jan-2005
EMC CorporationUnknown17-Jan-2005
EngardeUnknown17-Jan-2005
F5 NetworksUnknown17-Jan-2005
FreeBSDUnknown17-Jan-2005
FujitsuUnknown17-Jan-2005
GNU glibcUnknown17-Jan-2005
Hewlett-Packard CompanyUnknown17-Jan-2005
HitachiNot Vulnerable20-Jan-2005
IBMNot Vulnerable24-Jan-2005
IBM-zSeriesUnknown17-Jan-2005
IBM eServerUnknown1-Feb-2005
ImmunixUnknown17-Jan-2005
InfoBloxUnknown4-Feb-2005
Ingrian NetworksUnknown17-Jan-2005
ISCVulnerable25-Jan-2005
Juniper NetworksNot Vulnerable24-Jan-2005
Lucent TechnologiesUnknown17-Jan-2005
MandrakeSoftNot Vulnerable31-Jan-2005
Men&MiceUnknown17-Jan-2005
MetaSolv Software Inc.Unknown17-Jan-2005
Microsoft CorporationUnknown17-Jan-2005
MontaVista SoftwareUnknown17-Jan-2005
NEC CorporationNot Vulnerable18-Mar-2005
NetBSDUnknown17-Jan-2005
NokiaUnknown17-Jan-2005
Nortel NetworksUnknown17-Jan-2005
NovellUnknown17-Jan-2005
OpenBSDUnknown17-Jan-2005
Openwall GNU/*/LinuxUnknown17-Jan-2005
Red Hat Inc.Not Vulnerable18-Jan-2005
SCO-LINUXUnknown17-Jan-2005
SCO-UNIXUnknown17-Jan-2005
SequentUnknown17-Jan-2005
SGIUnknown17-Jan-2005
Sony CorporationUnknown17-Jan-2005
Sun Microsystems Inc.Not Vulnerable24-Jan-2005
SuSE Inc.Unknown17-Jan-2005
TurboLinuxUnknown17-Jan-2005
UnisysUnknown17-Jan-2005
Wind River Systems Inc.Unknown17-Jan-2005

References


http://www.isc.org/sw/bind/bind-security.php
http://www.niscc.gov.uk/niscc/docs/al-20050125-00059.html?lang=en

Credit

Thanks to Joao Damas of the Internet Systems Consortium for reporting this vulnerability.

This document was written by Chad Dougherty based on information provided by ISC.

Other Information

Date Public01/25/2005
Date First Published01/25/2005 04:19:15 PM
Date Last Updated03/18/2005
CERT Advisory 
CVE NameCAN-2005-0033
US-CERT Technical Alerts 
Metric1.91
Document Revision21

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2005 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader