Vulnerability Note VU#734644
ISC BIND 8 vulnerable to cache poisoning via negative responses
Overview
The BIND 8 name server contains a cache poisoning vulnerability that allows attackers to conduct denial-of-service attacks on specific target domains.
Description
Several versions of the BIND 8 name server are vulnerable to cache poisoning via negative responses. To exploit this vulnerability, an attacker must configure a name server to return authoritative negative responses for a given target domain. Then, the attacker must convince a victim user to query the attacker's maliciously configured name server. When the attacker's name server receives the query, it will reply with an authoritative negative response containing a large TTL (time-to-live) value. If the victim's site runs a vulnerable version of BIND 8, it will cache the negative response and render the target domain unreachable until the TTL expires. |
Impact
Attackers may conduct denial-of-service attacks on specific target domains by enticing users to query a malicious name server. |
Solution
Upgrade BIND The ISC has prepared BIND 8.3.7 and BIND 8.4.3 to address this vulnerability. Name servers running BIND 4 are not affected. To obtain the latest versions of BIND, please visit Apply a patch or updated version from your vendor Many operating system vendors include BIND with their products and will be preparing new versions to address this vulnerability. For a list of vendors that the CERT/CC has received information from regarding this vulnerability, please see the Systems Affected section of this document. |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Computer Inc. | Affected | 21 Oct 2003 | 11 Dec 2003 |
| FreeBSD | Affected | 21 Oct 2003 | 01 Dec 2003 |
| Guardian Digital Inc. | Affected | 21 Oct 2003 | 02 Dec 2003 |
| Hewlett-Packard Company | Affected | 21 Oct 2003 | 03 Dec 2003 |
| IBM | Affected | 21 Oct 2003 | 03 Dec 2003 |
| Immunix | Affected | - | 01 Dec 2003 |
| Internet Software Consortium | Affected | 04 Sep 2003 | 01 Dec 2003 |
| NetBSD | Affected | 21 Oct 2003 | 17 Nov 2003 |
| Nixu | Affected | 21 Oct 2003 | 20 Nov 2003 |
| Sun Microsystems Inc. | Affected | 21 Oct 2003 | 01 Dec 2003 |
| SuSE Inc. | Affected | 21 Oct 2003 | 01 Dec 2003 |
| The SCO Group (SCO UnixWare) | Affected | 21 Oct 2003 | 03 Dec 2003 |
| Trustix Secure Linux | Affected | - | 01 Dec 2003 |
| adns | Not Affected | 21 Oct 2003 | 20 Nov 2003 |
| Check Point | Not Affected | 21 Oct 2003 | 27 Oct 2003 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://www.isc.org/products/BIND/bind8.html
- http://marc.theaimsgroup.com/?l=bind-announce&m=106988846219834&w=2
- http://marc.theaimsgroup.com/?l=bind-announce&m=106988846919846&w=2
- http://secunia.com/advisories/10300/
Credit
The CERT/CC thanks the Internet Software Consortium for bringing this vulnerability to our attention.
This document was written by Jeffrey P. Lanza.
Other Information
- CVE IDs: CAN-2003-0914
- Date Public: 26 Nov 2003
- Date First Published: 01 Dec 2003
- Date Last Updated: 04 Jan 2004
- Severity Metric: 1.50
- Document Revision: 40
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.