search menu icon-carat-right cmu-wordmark

CERT Coordination Center

ISC BIND 9 resolver denial of service vulnerability

Vulnerability Note VU#606539

Original Release Date: 2011-11-22 | Last Revised: 2012-01-06

Overview

ISC BIND 9 resolver contains a remote packet denial of service vulnerability after logging an error in query.c.

Description

According to ISC:

An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. ISC is working on determining the ultimate cause by which a record with this particular inconsistency is cached.At this time we are making available a patch which makes named recover gracefully from the inconsistency, preventing the abnormal exit.

The patch has two components. When a client query is handled, the code which processes the response to the client has to ask the cache for the records for the name that is being queried. The first component of the patch prevents the cache from returning the inconsistent data. The second component prevents named from crashing if it detects that it has been given an inconsistent answer of this nature.

Impact

A remote, unauthenticated attacker can cause the BIND 9 resolver to crash creating a denial of service condition.

Solution


Apply an update

Users who obtain BIND from a third-party vendor, such as their operating system vendor, should see the vendor information portion of this document for a partial list of affected vendors.

This vulnerability is addressed in ISC BIND versions 9.4-ESV-R5-P1, 9.6-ESV-R5-P1, 9.7.4-P1 and 9.8.1-P1. Users of BIND from the original source distribution should upgrade to this version.

See also http://www.isc.org/software/bind/advisories/cve-2011-4313

Vendor Information

606539
 
Affected   Unknown   Unaffected

Debian GNU/Linux

Updated:  January 06, 2012

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Fedora Project

Updated:  January 06, 2012

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Hewlett-Packard Company

Updated:  January 06, 2012

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Internet Systems Consortium

Updated:  November 16, 2011

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Mandriva S. A.

Updated:  January 06, 2012

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Oracle Corporation

Updated:  November 28, 2011

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Red Hat, Inc.

Updated:  January 06, 2012

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

SUSE Linux

Updated:  January 06, 2012

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Ubuntu

Updated:  January 06, 2012

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

Thanks to Internet Systems Consortium for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2011-4313
Severity Metric: 21.92
Date Public: 2011-11-16
Date First Published: 2011-11-22
Date Last Updated: 2012-01-06 15:40 UTC
Document Revision: 11

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.