Vulnerability Note VU#734644

ISC BIND 8 vulnerable to cache poisoning via negative responses

Original Release date: 01 Dec 2003 | Last revised: 04 Jan 2004


The BIND 8 name server contains a cache poisoning vulnerability that allows attackers to conduct denial-of-service attacks on specific target domains.


Several versions of the BIND 8 name server are vulnerable to cache poisoning via negative responses. To exploit this vulnerability, an attacker must configure a name server to return authoritative negative responses for a given target domain. Then, the attacker must convince a victim user to query the attacker's maliciously configured name server. When the attacker's name server receives the query, it will reply with an authoritative negative response containing a large TTL (time-to-live) value. If the victim's site runs a vulnerable version of BIND 8, it will cache the negative response and render the target domain unreachable until the TTL expires.


Attackers may conduct denial-of-service attacks on specific target domains by enticing users to query a malicious name server.


Upgrade BIND

The ISC has prepared BIND 8.3.7 and BIND 8.4.3 to address this vulnerability. Name servers running BIND 4 are not affected. To obtain the latest versions of BIND, please visit

Apply a patch or updated version from your vendor

Many operating system vendors include BIND with their products and will be preparing new versions to address this vulnerability. For a list of vendors that the CERT/CC has received information from regarding this vulnerability, please see the Systems Affected section of this document.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Apple Computer Inc.Affected21 Oct 200311 Dec 2003
FreeBSDAffected21 Oct 200301 Dec 2003
Guardian Digital Inc. Affected21 Oct 200302 Dec 2003
Hewlett-Packard CompanyAffected21 Oct 200303 Dec 2003
IBMAffected21 Oct 200303 Dec 2003
ImmunixAffected-01 Dec 2003
Internet Software ConsortiumAffected04 Sep 200301 Dec 2003
NetBSDAffected21 Oct 200317 Nov 2003
NixuAffected21 Oct 200320 Nov 2003
Sun Microsystems Inc.Affected21 Oct 200301 Dec 2003
SuSE Inc.Affected21 Oct 200301 Dec 2003
The SCO Group (SCO UnixWare)Affected21 Oct 200303 Dec 2003
Trustix Secure LinuxAffected-01 Dec 2003
adnsNot Affected21 Oct 200320 Nov 2003
Check PointNot Affected21 Oct 200327 Oct 2003
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



The CERT/CC thanks the Internet Software Consortium for bringing this vulnerability to our attention.

This document was written by Jeffrey P. Lanza.

Other Information

  • CVE IDs: CAN-2003-0914
  • Date Public: 26 Nov 2003
  • Date First Published: 01 Dec 2003
  • Date Last Updated: 04 Jan 2004
  • Severity Metric: 1.50
  • Document Revision: 40


If you have feedback, comments, or additional information about this vulnerability, please send us email.