ISC BIND 9 contains a vulnerability that may allow a remote, unauthenticated attacker to create a denial-of-service condition.
The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC). It includes support for dynamic DNS updates as specified in IETF RFC 2136. BIND 9 can crash when processing a specially-crafted dynamic update packet.
ISC notes that this vulnerability affects all servers that are masters for one or more zones and is not limited to those that are configured to allow dynamic updates. ISC also indicates that the attack packet has to be constructed for a zone for which the target system is configured as a master; launching the attack against slave zones does not trigger the vulnerability.
By sending a specially-crafted dynamic update packet to a BIND 9 server, a remote, unauthenticated attacker can cause a denial of service by causing BIND to crash.
Apply an update
Apple Inc. Affected
BlueCat Networks, Inc. Affected
Debian GNU/Linux Affected
F5 Networks, Inc. Affected
FreeBSD, Inc. Affected
Hewlett-Packard Company Affected
Internet Systems Consortium Affected
Red Hat, Inc. Affected
SUSE Linux Affected
Sun Microsystems, Inc. Affected
Nominum Not Affected
Conectiva Inc. Unknown
Cray Inc. Unknown
DragonFly BSD Project Unknown
EMC Corporation Unknown
Engarde Secure Linux Unknown
Fedora Project Unknown
GNU glibc Unknown
Gentoo Linux Unknown
Gnu ADNS Unknown
IBM Corporation Unknown
IBM eServer Unknown
Juniper Networks, Inc. Unknown
Mandriva S. A. Unknown
Men & Mice Unknown
Metasolv Software, Inc. Unknown
Microsoft Corporation Unknown
MontaVista Software, Inc. Unknown
NEC Corporation Unknown
Nortel Networks, Inc. Unknown
Novell, Inc. Unknown
Openwall GNU/*/Linux Unknown
QNX, Software Systems, Inc. Unknown
Silicon Graphics, Inc. Unknown
Slackware Linux Inc. Unknown
Sony Corporation Unknown
The SCO Group Unknown
Wind River Systems, Inc. Unknown
Thanks to ISC for reporting this vulnerability.
This document was written by Will Dormann and Chad Dougherty.
|Date First Published:||2009-07-28|
|Date Last Updated:||2009-08-27 14:10 UTC|