Vulnerability Note VU#542123
ISC BIND 9 resolver cache vulnerability
Overview
ISC BIND 9 resolver contains a vulnerability that could allow a attacker to keep a domain name in the cache even after it has been deleted from registration.
Description
According to ISC: ISC has been notified by Haixin Duan (a professor at Tsinghua University in Beijing China, who is currently visiting the International Computer Science Institute (ICSI) at the University of California, Berkeley) about a DNS resolver vulnerability. This vulnerability allows a miscreant to keep a domain name in the cache even after it has been deleted from registration. ISC is evaluating the risk of this vulnerability, but the published paper shows how this was done live across the Internet. It lists several DNS implementations and open resolver deployments as vulnerable. |
Impact
A remote, unauthenticated attacker can cause the BIND 9 resolver to keep a domain name in the cache even after it has been deleted from registration. |
Solution
We are currently unaware of a practical solution to this problem. |
Vendor Information (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Internet Systems Consortium | Affected | - | 08 Feb 2012 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | 5.0 | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| Temporal | 3.9 | E:POC/RL:OF/RC:C |
| Environmental | 3.9 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND |
References
- https://www.isc.org/software/bind/advisories/cve-2012-1033
- http://www.internetsociety.org/events/ndss-symposium-2012/symposium-program/feb08
Credit
The Internet Systems Consortium thanks the following people for reporting this vulnerability:
Jian Jiang, Network Research Center, Tsinghua University
Haixin Duan, Network Research Center, Tsinghua University
Jianping Wu, Network Research Center, Tsinghua University
Kang Li, Department of Computer Science, University of Georgia
Jun Li, University of Oregon Carlos III University of Madrid, Institute IMDEA Networks
Jinjin Liang, Network Research Center Tsinghua University
Nicholas Weaver, International Computer Science Institute (ICSI)
This document was written by Michael Orlando.
Other Information
- CVE IDs: CVE-2012-1033
- Date Public: 07 Feb 2012
- Date First Published: 08 Feb 2012
- Date Last Updated: 23 Jul 2012
- Severity Metric: 19.89
- Document Revision: 71
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.