Vulnerability Note VU#360341

BIND 9 DNSSEC validation code could cause fake NXDOMAIN responses

Original Release date: 19 Jan 2010 | Last revised: 27 Jan 2010

Overview

A vulnerability exists in the BIND 9 DNSSEC validation code that could be used by an attacker to generate fake NXDOMAIN responses.

Description

BIND 9 contains a vulnerability in DNSSEC validation code. According to ISC:

There was an error in the DNSSEC NSEC/NSEC3 validation code that could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records proven by NSEC or NSEC3 to exist) to be cached as if they had validated correctly, so that future queries to the resolver would return the bogus NXDOMAIN with the AD flag set.

This issue affects BIND versions 9.0.x, 9.1.x, 9.2.x, 9.3.x, 9.4.0 -> 9.4.3-P4, 9.5.0 -> 9.5.2-P1, 9.6.0 -> 9.6.1-P2

Impact

An attacker may be able to add fake NXDOMAIN records to a resolver's cache.

Solution

Upgrade BIND to version 9.4.3-P5, 9.5.2-P2 or 9.6.1-P3.
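
The affected ranges listed above can be checked mechanically against the version a resolver reports. The following is an added example, not part of the original note and not ISC code; the function name classify, the result labels and the sample strings are assumptions made for illustration.

```python
import re

# Affected releases as listed in the note. Branches 9.0-9.3 are affected in
# full; for 9.4-9.6 the value is the last affected (release, patch level).
FULLY_AFFECTED = {(9, 0), (9, 1), (9, 2), (9, 3)}
LAST_AFFECTED = {
    (9, 4): (3, 4),  # 9.4.0 -> 9.4.3-P4
    (9, 5): (2, 1),  # 9.5.0 -> 9.5.2-P1
    (9, 6): (1, 2),  # 9.6.0 -> 9.6.1-P2
}

# major.minor.release, optional -P<n>, then any trailing suffix (b1, rc2,
# vendor build tags) captured so it can be flagged rather than ignored.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?(\S*)")


def classify(version_string):
    """Return 'affected', 'not-affected', 'not-listed' or 'unknown'."""
    m = VERSION_RE.search(version_string)
    if m is None:
        return "unknown"
    major, minor, release = (int(m.group(i)) for i in (1, 2, 3))
    patch_level = int(m.group(4) or 0)
    branch = (major, minor)
    if branch not in FULLY_AFFECTED and branch not in LAST_AFFECTED:
        return "not-listed"      # branch is not mentioned in the note
    if m.group(5):
        return "unknown"         # pre-release or vendor build: order unclear
    if branch in FULLY_AFFECTED:
        return "affected"
    if (release, patch_level) <= LAST_AFFECTED[branch]:
        return "affected"
    return "not-affected"        # later than the last affected release


if __name__ == "__main__":
    # Constructed sample strings in the style of `named -v` output.
    samples = ["BIND 9.4.3-P4", "BIND 9.4.3-P5", "BIND 9.6.0",
               "BIND 9.5.0b1", "BIND 9.7.0"]
    for s in samples:
        print(f"{classify(s):13} {s}")
```

Distribution packages often carry a backported fix under an unchanged upstream version, so an "unknown" result for a vendor build should be checked against that vendor's own advisory.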

Systems Affected

Vendor                             Status    Date Notified  Date Updated
Fedora Project                     Affected  14 Jan 2010    27 Jan 2010
Internet Systems Consortium        Affected  14 Jan 2010    19 Jan 2010
Red Hat, Inc.                      Affected  14 Jan 2010    27 Jan 2010
Sun Microsystems, Inc.             Affected  14 Jan 2010    27 Jan 2010
The SCO Group                      Affected  14 Jan 2010    27 Jan 2010
Ubuntu                             Affected  14 Jan 2010    27 Jan 2010
Alcatel-Lucent                     Unknown   14 Jan 2010    14 Jan 2010
Apple Inc.                         Unknown   14 Jan 2010    14 Jan 2010
BlueCat Networks, Inc.             Unknown   14 Jan 2010    14 Jan 2010
Check Point Software Technologies  Unknown   14 Jan 2010    14 Jan 2010
Conectiva Inc.                     Unknown   14 Jan 2010    14 Jan 2010
Cray Inc.                          Unknown   14 Jan 2010    14 Jan 2010
Debian GNU/Linux                   Unknown   14 Jan 2010    14 Jan 2010
DragonFly BSD Project              Unknown   14 Jan 2010    14 Jan 2010
EMC Corporation                    Unknown   14 Jan 2010    14 Jan 2010

CVSS Metrics

Group          Score  Vector
Base           N/A    N/A
Temporal       N/A    N/A
Environmental  N/A    N/A

Credit

This issue was reported by ISC.

This document was written by David Warren.

Other Information

  • CVE IDs: CVE-2010-0097
  • Date Public: 19 Jan 2010
  • Date First Published: 19 Jan 2010
  • Date Last Updated: 27 Jan 2010
  • Document Revision: 12
