|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
 |
Vulnerability Note VU#915404
BIND vulnerable to an assertion failure when querying for SIG records
OverviewA vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system.
I. DescriptionThe Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC). A flaw exists in the way that some versions of BIND handle DNS Security Extensions (DNSSEC) signed Resource Record Sets (RRsets).
The specific impact of this vulnerability is slightly different depending on the type of DNS server involved. For recursive servers, queries for SIG records will trigger an assertion failure if more than one SIG(covered) RRset is returned. For authoritative servers, if a name server is serving a RFC 2535 DNSSEC zone and is queried for the SIG records where there are multiple SIG(covered) RRsets (e.g., a zone apex) then the name server daemon will trigger an assertion failure when it tries to construct the response.
This vulnerability affects BIND 9.3.x versions 9.3.0, 9.3.1, 9.3.2, 9.3.3b, and 9.3.3rc1, and BIND 9.4.x versions 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6, and 9.4.0b1.
II. ImpactA remote attacker may be able to cause the name server daemon to crash, thereby causing a denial of service for DNS operations.
III. SolutionApply a patch from the vendor
Patches have been released in response to this issue. Please see the Systems Affected section of this document.
Upgrade
Users who compile their own versions of BIND from the original ISC source code are encouraged to upgrade to BIND 9.3.2-P1. Patches for this issue are also included in BIND versions 9.3.3rc2 and 9.4.0b2. Patched versions of the software are available from the BIND download page.
Restrict Access
Administrators, particularly those who are unable to apply a patch, can limit exposure to this vulnerability by restricting sources that can ask for recursion.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|
| Apple Computer, Inc. | Unknown | 23-Aug-2006 |
| BlueCat Networks, Inc. | Unknown | 23-Aug-2006 |
| Check Point Software Technologies | Unknown | 23-Aug-2006 |
| Conectiva Inc. | Unknown | 23-Aug-2006 |
| Cray Inc. | Unknown | 23-Aug-2006 |
| Debian GNU/Linux | Vulnerable | 11-Sep-2006 |
| EMC, Inc. (formerly Data General Corporation) | Unknown | 23-Aug-2006 |
| Engarde Secure Linux | Unknown | 23-Aug-2006 |
| F5 Networks, Inc. | Vulnerable | 7-Sep-2006 |
| Fedora Project | Unknown | 23-Aug-2006 |
| FreeBSD, Inc. | Vulnerable | 7-Sep-2006 |
| Fujitsu | Unknown | 23-Aug-2006 |
| Gentoo Linux | Vulnerable | 2-Oct-2006 |
| Gnu ADNS | Unknown | 23-Aug-2006 |
| GNU glibc | Unknown | 23-Aug-2006 |
| Hewlett-Packard Company | Unknown | 23-Aug-2006 |
| Hitachi | Not Vulnerable | 5-Sep-2006 |
| IBM Corporation | Unknown | 23-Aug-2006 |
| IBM Corporation (zseries) | Unknown | 23-Aug-2006 |
| IBM eServer | Unknown | 23-Aug-2006 |
| Immunix Communications, Inc. | Unknown | 23-Aug-2006 |
| Infoblox | Not Vulnerable | 7-Sep-2006 |
| Ingrian Networks, Inc. | Unknown | 23-Aug-2006 |
| Internet Software Consortium | Vulnerable | 6-Sep-2006 |
| Juniper Networks, Inc. | Not Vulnerable | 5-Sep-2006 |
| Lucent Technologies | Unknown | 23-Aug-2006 |
| Mandriva, Inc. | Vulnerable | 11-Sep-2006 |
| Men & Mice | Unknown | 23-Aug-2006 |
| Metasolv Software, Inc. | Unknown | 23-Aug-2006 |
| Microsoft Corporation | Unknown | 23-Aug-2006 |
| MontaVista Software, Inc. | Unknown | 23-Aug-2006 |
| NEC Corporation | Unknown | 23-Aug-2006 |
| NetBSD | Vulnerable | 2-Oct-2006 |
| Nokia | Unknown | 23-Aug-2006 |
| Nortel Networks, Inc. | Unknown | 23-Aug-2006 |
| Novell, Inc. | Unknown | 23-Aug-2006 |
| OpenBSD | Vulnerable | 7-Sep-2006 |
| OpenPKG | Vulnerable | 7-Sep-2006 |
| Openwall GNU/*/Linux | Vulnerable | 11-Sep-2006 |
| QNX, Software Systems, Inc. | Unknown | 23-Aug-2006 |
| Red Hat, Inc. | Unknown | 23-Aug-2006 |
| rPath | Vulnerable | 25-Sep-2006 |
| Shadowsupport | Unknown | 23-Aug-2006 |
| Silicon Graphics, Inc. | Unknown | 23-Aug-2006 |
| Slackware Linux Inc. | Vulnerable | 2-Oct-2006 |
| Sony Corporation | Unknown | 23-Aug-2006 |
| Sun Microsystems, Inc. | Not Vulnerable | 14-Sep-2006 |
| SUSE Linux | Unknown | 23-Aug-2006 |
| The SCO Group | Unknown | 23-Aug-2006 |
| Trustix Secure Linux | Vulnerable | 2-Oct-2006 |
| Turbolinux | Unknown | 23-Aug-2006 |
| Ubuntu | Vulnerable | 7-Sep-2006 |
| Unisys | Unknown | 23-Aug-2006 |
| Wind River Systems, Inc. | Unknown | 23-Aug-2006 |
References
http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en
http://jvn.jp/cert/JVNVU%23915404/index.html
http://secunia.com/advisories/21752/
http://secunia.com/advisories/21816/
Credit
Thanks to Joao Damas of the Internet Software Consortium for reporting this vulnerability.
This document was written by Chad R Dougherty.
Other Information
| Date Public: | 2006-09-05 |
| Date First Published: | 2006-09-05 |
| Date Last Updated: | 2006-10-02 |
| CERT Advisory: | |
| CVE-ID(s): | CVE-2006-4095 |
| NVD-ID(s): | CVE-2006-4095 |
| US-CERT Technical Alerts: | |
| Metric: | 7.83 |
| Document Revision: | 13 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
|
Get Adobe Reader