Vulnerability Note VU#606539

ISC BIND 9 resolver denial of service vulnerability

Original Release date: 22 Nov 2011 | Last revised: 06 Jan 2012

Overview

ISC BIND 9 resolver contains a remote packet denial of service vulnerability after logging an error in query.c.

Description

According to ISC:

An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. ISC is working on determining the ultimate cause by which a record with this particular inconsistency is cached.At this time we are making available a patch which makes named recover gracefully from the inconsistency, preventing the abnormal exit.

The patch has two components. When a client query is handled, the code which processes the response to the client has to ask the cache for the records for the name that is being queried. The first component of the patch prevents the cache from returning the inconsistent data. The second component prevents named from crashing if it detects that it has been given an inconsistent answer of this nature.

Impact

A remote, unauthenticated attacker can cause the BIND 9 resolver to crash creating a denial of service condition.

Solution


Apply an update

Users who obtain BIND from a third-party vendor, such as their operating system vendor, should see the vendor information portion of this document for a partial list of affected vendors.

This vulnerability is addressed in ISC BIND versions 9.4-ESV-R5-P1, 9.6-ESV-R5-P1, 9.7.4-P1 and 9.8.1-P1. Users of BIND from the original source distribution should upgrade to this version.

See also http://www.isc.org/software/bind/advisories/cve-2011-4313

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Debian GNU/LinuxAffected-06 Jan 2012
Fedora ProjectAffected-06 Jan 2012
Hewlett-Packard CompanyAffected-06 Jan 2012
Internet Systems ConsortiumAffected-16 Nov 2011
Mandriva S. A.Affected-06 Jan 2012
Oracle CorporationAffected-28 Nov 2011
Red Hat, Inc.Affected-06 Jan 2012
SUSE LinuxAffected-06 Jan 2012
UbuntuAffected-06 Jan 2012
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Internet Systems Consortium for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

  • CVE IDs: CVE-2011-4313
  • Date Public: 16 Nov 2011
  • Date First Published: 22 Nov 2011
  • Date Last Updated: 06 Jan 2012
  • Severity Metric: 21.92
  • Document Revision: 11

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.