Vulnerability Note VU#581682

ISC BIND 8 fails to properly dereference cache SIG RR elements with invalid expiry times from the internal database

Overview

A remotely exploitable denial-of-service vulnerability exists in BIND.

I. Description

A remotely exploitable denial-of-service vulnerability exists in BIND 8.2 - 8.2.6 and BIND 8.3.0 - 8.3.3. ISC's description of this vulnerability states:

It is possible to de-reference a NULL pointer for certian [sic] signature expire values.

II. Impact

The BIND daemon will shut down. As a result, clients will not be able to connect to the service to resolve queries.

III. Solution

Apply a patch from your vendor. In the absence of a patch, you may wish to consider ISC's recommendation, which is upgrading to "BIND 4.9.11, BIND 8.2.7, BIND 8.3.4 or preferably BIND 9." Additionally, ISC indicates, "BIND 4 is officially deprecated. Only security fixes will be issued for BIND 4."

Disable recursion if possible.

Systems Affected

Vendor	Status	Date Notified
Alcatel	Unknown	25-Feb-2003
Apple Computer Inc.	Vulnerable	2-Dec-2002
MontaVista Software	Not Vulnerable	13-Nov-2002
Nominum	Not Vulnerable	13-Nov-2002
Nortel Networks	Vulnerable	3-Dec-2002
Red Hat Inc.	Vulnerable	13-Nov-2002

References

http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
http://www.isc.org/products/BIND/bind-security.html
http://www.ciac.org/ciac/bulletins/n-013.shtml

Credit

Internet Security Systems is credited for discovering this vulnerability.

This document was written by Ian A Finlay.

Other Information

Date Public:	2002-11-12
Date First Published:	2002-11-13
Date Last Updated:	2003-02-25
CERT Advisory:
CVE-ID(s):	CAN-2002-1221
NVD-ID(s):	CAN-2002-1221
US-CERT Technical Alerts:
Metric:	27.54
Document Revision:	8

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader