Vulnerability Note VU#718460

ISC BIND denial of service vulnerability

Overview

A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system.

I. Description

The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC).

BIND version 9.4.0 contains a vulnerability in the way that the query_addsoa() function is called. A remote attacker with the ability to send a specific sequence of queries to a vulnerable system can cause the nameserver to exit. Note that recursion must be enabled on the nameserver for this vulnerability to be exposed.

II. Impact

A remote attacker may be able to cause the name server daemon to exit prematurely, thereby causing a denial of service for DNS operations.

III. Solution

Upgrade

Users who compile their own copies of the affected version of BIND (9.4.0) from the original ISC source code are encouraged to upgrade to BIND version 9.4.1 (or later), which includes a patch for this issue.

Workarounds

Disable Recursion
Users, particularly those who are not able to upgrade, are encouraged to disable recursion ('recursion no;' set in named.conf) if it is not required by their configuration.

Systems Affected

Vendor	Status	Date Notified
Apple Computer, Inc.	Not Vulnerable	15-May-2007
BlueCat Networks, Inc.	Unknown	2-May-2007
Check Point Software Technologies	Unknown	2-May-2007
Conectiva Inc.	Unknown	2-May-2007
Cray Inc.	Unknown	2-May-2007
Debian GNU/Linux	Unknown	2-May-2007
EMC, Inc. (formerly Data General Corporation)	Unknown	2-May-2007
Engarde Secure Linux	Unknown	2-May-2007
F5 Networks, Inc.	Unknown	2-May-2007
Fedora Project	Unknown	2-May-2007
FreeBSD, Inc.	Unknown	2-May-2007
Fujitsu	Unknown	2-May-2007
Gentoo Linux	Unknown	2-May-2007
Gnu ADNS	Unknown	2-May-2007
GNU glibc	Unknown	2-May-2007
Hewlett-Packard Company	Unknown	2-May-2007
Hitachi	Unknown	2-May-2007
IBM Corporation	Unknown	2-May-2007
IBM Corporation (zseries)	Unknown	2-May-2007
IBM eServer	Unknown	2-May-2007
Immunix Communications, Inc.	Unknown	2-May-2007
Infoblox	Unknown	2-May-2007
Ingrian Networks, Inc.	Unknown	2-May-2007
Internet Software Consortium	Vulnerable	2-May-2007
Juniper Networks, Inc.	Unknown	2-May-2007
Lucent Technologies	Unknown	2-May-2007
Mandriva, Inc.	Vulnerable	15-May-2007
Men & Mice	Unknown	2-May-2007
Metasolv Software, Inc.	Unknown	2-May-2007
Microsoft Corporation	Unknown	2-May-2007
MontaVista Software, Inc.	Unknown	2-May-2007
NEC Corporation	Unknown	2-May-2007
NetBSD	Vulnerable	3-Jul-2007
Nokia	Unknown	2-May-2007
Nortel Networks, Inc.	Unknown	2-May-2007
Novell, Inc.	Not Vulnerable	9-May-2007
OpenBSD	Unknown	2-May-2007
Openwall GNU/*/Linux	Not Vulnerable	9-May-2007
QNX, Software Systems, Inc.	Unknown	2-May-2007
Red Hat, Inc.	Unknown	2-May-2007
Shadowsupport	Unknown	2-May-2007
Silicon Graphics, Inc.	Unknown	2-May-2007
Slackware Linux Inc.	Not Vulnerable	3-May-2007
Sony Corporation	Unknown	2-May-2007
Sun Microsystems, Inc.	Not Vulnerable	15-May-2007
SUSE Linux	Unknown	2-May-2007
The SCO Group	Unknown	2-May-2007
Trustix Secure Linux	Unknown	2-May-2007
Turbolinux	Unknown	2-May-2007
Ubuntu	Not Vulnerable	3-May-2007
Unisys	Unknown	2-May-2007
Wind River Systems, Inc.	Unknown	2-May-2007

References

http://www.isc.org/sw/bind/bind-security.php
http://secunia.com/advisories/25070/

Credit

Thanks to Mark Andrews of the Internet Systems Consortium (ISC) for reporting this vulnerability.

This document was written by Chad R Dougherty.

Other Information

Date Public:	2007-05-01
Date First Published:	2007-05-03
Date Last Updated:	2007-07-03
CERT Advisory:
CVE-ID(s):	CVE-2007-2241
NVD-ID(s):	CVE-2007-2241
US-CERT Technical Alerts:
Metric:	6.90
Document Revision:	13

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2007 by US-CERT, a government organization
Disclaimers and copyright information

Get Adobe Reader