Vulnerability Note VU#697164
BIND vulnerable to an INSIST failure via sending of multiple recursive queries
A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system.
The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC). A flaw exists in the way that some versions of BIND handle recursive queries. It is possible for a remote attacker to trigger an INSIST failure by sending enough recursive queries that the response to the query arrives after all the clients looking for the response have left the recursion queue.
This vulnerability affects BIND 9.3.x versions 9.3.0, 9.3.1, 9.3.2, 9.3.3b, and 9.3.3rc1, and BIND 9.4.x versions 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6, and 9.4.0b1.
Note that although BIND versions 9.2.x also contain the underlying flaw that causes this vulnerability, ISC reports that the vulnerability is not exposed by these versions. Nonetheless, ISC has provided a patch for these versions as well.
A remote attacker may be able to cause the name server daemon to crash, thereby causing a denial of service for DNS operations.
Apply a patch from the vendor
Patches have been released in response to this issue. Please see the Systems Affected section of this document.
Users who compile their own versions of BIND from the original ISC source code are encouraged to upgrade to BIND 9.2.6-P1 or BIND 9.3.2-P1 as appropriate. Patches for this issue are also included in BIND versions 9.2.7rc2, 9.3.3rc2, and 9.4.0b2. Patched versions of the software are available from the BIND download page.
Administrators, particularly those who are unable to apply a patch, can limit exposure to this vulnerability by restricting sources that can ask for recursion.
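As an added illustration, not part of the advisory, the two named.conf fragments below show an open-recursion configuration beside one that restricts recursion to a trusted ACL, which is the mitigation the advisory describes; the address ranges are placeholders and the ACL name is an assumed one.

```conf
// --- Weak: recursion is enabled for any source that can reach the server ---
// Any remote host can queue recursive lookups, the exposure this advisory covers.
options {
    directory "/var/named";
    recursion yes;
    // no allow-recursion statement: defaults to answering everyone
};

// --- Corrected: recursion only for known clients (example ACL; adjust to taste) ---
// "localhost" and "localnets" are built-in BIND ACLs; 192.0.2.0/24 and
// 2001:db8::/32 are placeholder documentation prefixes, not real networks.
acl "trusted-resolvers" {
    localhost;
    localnets;
    192.0.2.0/24;
    2001:db8::/32;
};

options {
    directory "/var/named";
    recursion yes;
    // Only the hosts above may ask this server to recurse; everyone else
    // receives REFUSED for recursive queries, so untrusted clients can no
    // longer populate the recursion queue. Authoritative answers for zones
    // this server hosts are unaffected by this setting.
    allow-recursion { trusted-resolvers; };
};
```

Run `named-checkconf` on the edited file to catch syntax errors before reloading named, and confirm from an address outside the ACL that recursive queries are now refused.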
| Vendor | Status | Date Notified | Date Updated |
| --- | --- | --- | --- |
| Debian GNU/Linux | Affected | 23 Aug 2006 | 11 Sep 2006 |
| F5 Networks, Inc. | Affected | 23 Aug 2006 | 07 Sep 2006 |
| FreeBSD, Inc. | Affected | 23 Aug 2006 | 07 Sep 2006 |
| Gentoo Linux | Affected | 23 Aug 2006 | 02 Oct 2006 |
| Internet Software Consortium | Affected | 03 Jul 2006 | 06 Sep 2006 |
| Mandriva, Inc. | Affected | 23 Aug 2006 | 11 Sep 2006 |
| NetBSD | Affected | 23 Aug 2006 | 02 Oct 2006 |
| OpenBSD | Affected | 23 Aug 2006 | 07 Sep 2006 |
| OpenPKG | Affected | - | 07 Sep 2006 |
| Openwall GNU/*/Linux | Affected | 23 Aug 2006 | 11 Sep 2006 |
| rPath | Affected | - | 25 Sep 2006 |
| Slackware Linux Inc. | Affected | 23 Aug 2006 | 02 Oct 2006 |
| Trustix Secure Linux | Affected | 23 Aug 2006 | 02 Oct 2006 |
| Ubuntu | Affected | 23 Aug 2006 | 07 Sep 2006 |
| Hitachi | Not Affected | 23 Aug 2006 | 05 Sep 2006 |
Thanks to Joao Damas of Internet Software Consortium for reporting this vulnerability.
This document was written by Chad R Dougherty.
05 Sep 2006
Date First Published: 05 Sep 2006
Date Last Updated: 02 Oct 2006