Vulnerability Note VU#360341

BIND 9 DNSSEC validation code could cause fake NXDOMAIN responses

Overview

A vulnerability exists in the BIND 9 DNSSEC validation code that could be used by an attacker to generate fake NXDOMAIN responses.

I. Description

BIND 9 contains a vulnerability in DNSSEC validation code. According to ISC:

There was an error in the DNSSEC NSEC/NSEC3 validation code that could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records proven by NSEC or NSEC3 to exist) to be cached as if they had validated correctly, so that future queries to the resolver would return the bogus NXDOMAIN with the AD flag set.

This issue affects BIND versions 9.0.x, 9.1.x, 9.2.x, 9.3.x, 9.4.0 -> 9.4.3-P4, 9.5.0 -> 9.5.2-P1, 9.6.0 -> 9.6.1-P2

II. Impact

An attacker may be able to add fake NXDOMAIN records to a resolver's cache.

III. Solution

Upgrade BIND to version 9.4.3-P5, 9.5.2-P2 or 9.6.1-P3.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Alcatel-Lucent	Unknown	2010-01-14	2010-01-14
Apple Inc.	Unknown	2010-01-14	2010-01-14
BlueCat Networks, Inc.	Unknown	2010-01-14	2010-01-14
Check Point Software Technologies	Unknown	2010-01-14	2010-01-14
Conectiva Inc.	Unknown	2010-01-14	2010-01-14
Cray Inc.	Unknown	2010-01-14	2010-01-14
Debian GNU/Linux	Unknown	2010-01-14	2010-01-14
DragonFly BSD Project	Unknown	2010-01-14	2010-01-14
EMC Corporation	Unknown	2010-01-14	2010-01-14
Engarde Secure Linux	Unknown	2010-01-14	2010-01-14
Ericsson	Unknown	2010-01-14	2010-01-14
F5 Networks, Inc.	Unknown	2010-01-14	2010-01-14
Fedora Project	Vulnerable	2010-01-14	2010-01-27
FreeBSD Project	Unknown	2010-01-14	2010-01-14
Fujitsu	Unknown	2010-01-14	2010-01-14
Gentoo Linux	Unknown	2010-01-14	2010-01-14
Gnu ADNS	Unknown	2010-01-14	2010-01-14
GNU glibc	Unknown	2010-01-14	2010-01-14
Hewlett-Packard Company	Unknown	2010-01-14	2010-01-14
Hitachi	Unknown	2010-01-14	2010-01-14
IBM Corporation	Unknown	2010-01-14	2010-01-14
IBM Corporation (zseries)	Unknown	2010-01-14	2010-01-14
IBM eServer	Unknown	2010-01-14	2010-01-14
Infoblox	Unknown	2010-01-14	2010-01-14
Internet Systems Consortium	Vulnerable	2010-01-14	2010-01-19
Juniper Networks, Inc.	Unknown	2010-01-14	2010-01-14
Mandriva S. A.	Unknown	2010-01-14	2010-01-14
McAfee	Unknown	2010-01-14	2010-01-14
Men & Mice	Unknown	2010-01-14	2010-01-14
Microsoft Corporation	Unknown	2010-01-14	2010-01-14
MontaVista Software, Inc.	Unknown	2010-01-14	2010-01-14
NEC Corporation	Unknown	2010-01-14	2010-01-14
NetBSD	Unknown	2010-01-14	2010-01-14
Nokia	Unknown	2010-01-14	2010-01-14
Nominum	Unknown	2010-01-14	2010-01-14
Nortel Networks, Inc.	Unknown	2010-01-14	2010-01-14
Novell, Inc.	Unknown	2010-01-14	2010-01-14
OpenBSD	Unknown	2010-01-14	2010-01-14
Openwall GNU/*/Linux	Unknown	2010-01-14	2010-01-14
QNX Software Systems Inc.	Unknown	2010-01-14	2010-01-14
Red Hat, Inc.	Vulnerable	2010-01-14	2010-01-27
SafeNet	Unknown	2010-01-14	2010-01-14
Shadowsupport	Unknown	2010-01-14	2010-01-14
Silicon Graphics, Inc.	Unknown	2010-01-14	2010-01-14
Slackware Linux Inc.	Unknown	2010-01-14	2010-01-14
Sony Corporation	Unknown	2010-01-14	2010-01-14
Sun Microsystems, Inc.	Vulnerable	2010-01-14	2010-01-27
SUSE Linux	Unknown	2010-01-14	2010-01-14
The SCO Group	Vulnerable	2010-01-14	2010-01-27
Turbolinux	Unknown	2010-01-14	2010-01-14
Ubuntu	Vulnerable	2010-01-14	2010-01-27
Unisys	Unknown	2010-01-14	2010-01-14
Wind River Systems, Inc.	Unknown	2010-01-14	2010-01-14

References

https://www.isc.org/advisories/CVE-2010-0097

Credit

This issue was reported by ISC.

This document was written by David Warren.

Other Information

Date Public:	2010-01-19
Date First Published:	2010-01-19
Date Last Updated:	2010-01-27
CERT Advisory:
CVE-ID(s):	CVE-2010-0097
NVD-ID(s):	CVE-2010-0097
US-CERT Technical Alerts:
Metric:	0.00
Document Revision:	12

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2010 by US-CERT, a government organization
Disclaimers and copyright information Get a PDF Reader