search menu icon-carat-right cmu-wordmark

CERT Coordination Center


ISC BIND 9 resolver denial of service vulnerability

Vulnerability Note VU#606539

Original Release Date: 2011-11-22 | Last Revised: 2012-01-06

Overview

ISC BIND 9 resolver contains a remote packet denial of service vulnerability after logging an error in query.c.

Description

According to ISC:

An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. ISC is working on determining the ultimate cause by which a record with this particular inconsistency is cached.At this time we are making available a patch which makes named recover gracefully from the inconsistency, preventing the abnormal exit.

The patch has two components. When a client query is handled, the code which processes the response to the client has to ask the cache for the records for the name that is being queried. The first component of the patch prevents the cache from returning the inconsistent data. The second component prevents named from crashing if it detects that it has been given an inconsistent answer of this nature.

Impact

A remote, unauthenticated attacker can cause the BIND 9 resolver to crash creating a denial of service condition.

Solution


Apply an update

Users who obtain BIND from a third-party vendor, such as their operating system vendor, should see the vendor information portion of this document for a partial list of affected vendors.

This vulnerability is addressed in ISC BIND versions 9.4-ESV-R5-P1, 9.6-ESV-R5-P1, 9.7.4-P1 and 9.8.1-P1. Users of BIND from the original source distribution should upgrade to this version.

See also http://www.isc.org/software/bind/advisories/cve-2011-4313

Vendor Information

606539
Expand all

Debian GNU/Linux

Updated:  January 06, 2012

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://www.debian.org/security/2011/dsa-2347

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fedora Project

Updated:  January 06, 2012

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069970.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069975.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069463.html

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hewlett-Packard Company

Updated:  January 06, 2012

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://marc.info/?l=bugtraq&m=132310123002302&w=2 http://marc.info/?l=bugtraq&m=132310123002302&w=2

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Internet Systems Consortium

Updated:  November 16, 2011

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://www.isc.org/software/bind/981-p1 https://www.isc.org/software/bind/974-p1 https://www.isc.org/software/bind/96-esv-r5-p1 https://www.isc.org/software/bind/94-esv-r5-p1

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Mandriva S. A.

Updated:  January 06, 2012

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://www.mandriva.com/security/advisories?name=MDVSA-2011:176

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Oracle Corporation

Updated:  November 28, 2011

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://blogs.oracle.com/sunsecurity/entry/cve_2011_4313_denial_of

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat, Inc.

Updated:  January 06, 2012

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://www.redhat.com/support/errata/RHSA-2011-1458.html http://www.redhat.com/support/errata/RHSA-2011-1459.html http://www.redhat.com/support/errata/RHSA-2011-1496.html

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SUSE Linux

Updated:  January 06, 2012

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00029.html

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ubuntu

Updated:  January 06, 2012

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://www.ubuntu.com/usn/USN-1264-1

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

Thanks to Internet Systems Consortium for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2011-4313
Severity Metric: 21.92
Date Public: 2011-11-16
Date First Published: 2011-11-22
Date Last Updated: 2012-01-06 15:40 UTC
Document Revision: 11

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.