search menu icon-carat-right cmu-wordmark

CERT Coordination Center


ISC BIND 9 resolver cache vulnerability

Vulnerability Note VU#542123

Original Release Date: 2012-02-08 | Last Revised: 2012-07-23

Overview

ISC BIND 9 resolver contains a vulnerability that could allow a attacker to keep a domain name in the cache even after it has been deleted from registration.

Description

According to ISC:

ISC has been notified by Haixin Duan (a professor at Tsinghua University in Beijing China, who is currently visiting the International Computer Science Institute (ICSI) at the University of California, Berkeley) about a DNS resolver vulnerability. This vulnerability allows a miscreant to keep a domain name in the cache even after it has been deleted from registration. ISC is evaluating the risk of this vulnerability, but the published paper shows how this was done live across the Internet. It lists several DNS implementations and open resolver deployments as vulnerable.

The exploit was presented at the NDSS conference: "Ghost Domain Names: Revoked Yet Still Resolvable."

Impact

A remote, unauthenticated attacker can cause the BIND 9 resolver to keep a domain name in the cache even after it has been deleted from registration.

Solution

We are currently unaware of a practical solution to this problem.

Vendor Information

542123
Expand all

Internet Systems Consortium

Updated:  February 08, 2012

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://www.isc.org/software/bind/advisories/cve-2012-1033

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N
Temporal 3.9 E:POC/RL:OF/RC:C
Environmental 3.9 CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

Credit

The Internet Systems Consortium thanks the following people for reporting this vulnerability: Jian Jiang, Network Research Center, Tsinghua University Haixin Duan, Network Research Center, Tsinghua University Jianping Wu, Network Research Center, Tsinghua University Kang Li, Department of Computer Science, University of Georgia Jun Li, University of Oregon Carlos III University of Madrid, Institute IMDEA Networks Jinjin Liang, Network Research Center Tsinghua University Nicholas Weaver, International Computer Science Institute (ICSI)

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2012-1033
Severity Metric: 19.89
Date Public: 2012-02-07
Date First Published: 2012-02-08
Date Last Updated: 2012-07-23 21:07 UTC
Document Revision: 71

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.