Vulnerability Note VU#739123

ISC BIND 9 fails to process additional data chains in responses correctly thereby causing the server to fail an internal consistency check

Overview

A denial-of-service vulnerability exists in version 9 of the Internet Software Consortium's (ISC) Berkeley Internet Name Domain (BIND) server. ISC BIND versions 8 and 4 are not affected. Exploiting this vulnerability will cause vulnerable BIND servers to shut down.

I. Description

BIND is an implementation of the Domain Name System (DNS) that is maintained by the ISC. A vulnerability in Version 9 of BIND exists which may result in the deliberate shutdown of vulnerable BIND servers by arbitrary remote attackers. The shutdown can be caused by a specific DNS packet designed to create an improperly-handled error condition. Because the error condition is correctly detected but is not handled properly, this vulnerability will not allow an intruder to execute arbitrary code or write data to arbitrary locations in memory. The error condition that triggers the shutdown occurs when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL as expected. The condition causes the code to assert an error message and call abort() to shutdown the BIND server.

II. Impact

Exploitation of this vulnerability will cause the vulnerable BIND server to abort and shut down. As a result, the BIND server will not be available unless restarted.

III. Solution

Apply a patch from your vendor or upgrade to BIND 9.2.1. BIND 9.2.1 is available from http://www.isc.org/products/BIND/bind9.html.

Systems Affected

Vendor	Status	Date Updated
3Com	Unknown	30-May-2002
Alcatel	Not Vulnerable	18-Sep-2002
Apple Computer Inc.	Not Vulnerable	31-May-2002
AT&T	Unknown	30-May-2002
BSDI	Not Vulnerable	4-Jun-2002
Cisco Systems Inc.	Unknown	30-May-2002
Compaq Computer Corporation	Not Vulnerable	4-Jun-2002
Cray Inc.	Not Vulnerable	30-May-2002
Data General	Unknown	30-May-2002
Debian	Unknown	30-May-2002
djbdns	Not Vulnerable	11-Jun-2002
Engarde	Not Vulnerable	30-May-2002
F5 Networks	Vulnerable	11-Jun-2002
FreeBSD	Not Vulnerable	30-May-2002
Fujitsu	Unknown	30-May-2002
Hewlett-Packard Company	Vulnerable	8-Aug-2002
IBM	Not Vulnerable	4-Jun-2002
IBM-zSeries	Unknown	30-May-2002
Inktomi Corporation	Not Vulnerable	11-Jun-2002
Intel	Unknown	30-May-2002
ISC	Vulnerable	30-May-2002
Juniper Networks	Unknown	30-May-2002
Lucent	Unknown	30-May-2002
MandrakeSoft	Vulnerable	3-Jun-2002
Microsoft Corporation	Not Vulnerable	30-May-2002
NEC Corporation	Not Vulnerable	3-Jun-2002
NetBSD	Vulnerable	4-Jun-2002
Network Appliance	Not Vulnerable	3-Jun-2002
Nortel Networks	Unknown	4-Jun-2002
OpenBSD	Unknown	30-May-2002
Red Hat Inc.	Vulnerable	3-Jun-2002
Sequent	Unknown	30-May-2002
SGI	Not Vulnerable	30-May-2002
Sony Corporation	Unknown	30-May-2002
Sun Microsystems Inc.	Not Vulnerable	31-May-2002
SuSE Inc.	Vulnerable	3-Jun-2002
The SCO Group (SCO UnixWare)	Vulnerable	13-Sep-2002
Unisphere Networks	Not Vulnerable	30-May-2002
Unisys	Unknown	30-May-2002
Wind River Systems Inc.	Unknown	30-May-2002

References

http://www.isc.org/products/BIND/bind9.html
ftp://ftp.isc.org/isc/bind9/9.2.1/bind-9.2.1.tar.gz
ftp://ftp.isc.org/isc/bind9/9.2.1/bind-9.2.1.tar.gz.asc
ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.2.1/BIND9.2.1.zip
ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.2.1/BIND9.2.1.zip.asc
http://www.securityfocus.com/bid/4936

Credit

The CERT/CC thanks the Internet Software Consortium (ISC) for reporting this vulnerability to us.

This document was written by Ian A. Finlay.

Other Information

Date Public	05/04/2001
Date First Published	06/04/2002 04:19:52 PM
Date Last Updated	09/18/2002
CERT Advisory	CA-2002-15
CVE Name	CAN-2002-0400
US-CERT Technical Alerts
Metric	40.80
Document Revision	56

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader