search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Multiple vulnerabilities in DNS implementations

Vulnerability Note VU#955777

Original Release Date: 2006-04-28 | Last Revised: 2006-05-23

Overview

Numerous vulnerabilities have been reported in various Domain Name System (DNS) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause a DNS implementation to behave in an unstable/unpredictable manner.

Description

DNS

The Domain Name System provides name, address, and other information about Internet Protocol (IP) networks and devices.

The Problems

The U.K. National Infrastructure Security Co-ordination Center (NISCC) and the Oulu University Secure Programming Group have reported numerous vulnerabilities in DNS implementations.

These vulnerabilities were discovered using the PROTOS DNS Test Tool developed by Oulu University Secure Programming Group (OUSPG). The results of the tests are described in NISCC Vulnerability Advisory 144154/NISCC/DNS. According to that advisory:

There are three sets of test materials available with the tool; these are specifically designed for the following scenarios:

1. The Query Material -> [queries, dynamic DNS updates] -> DNS server
2. The Response Material -> [query replies] -> DNS server
3. The Response Material -> [query replies] -> DNS stub resolver (client)
4. The Zone Transfer Material -> [zone transfers] -> secondary DNS server


The test material simulates hostile input to the DNS implementation by sending invalid
and/or abnormal packets.

Impact

These vulnerabilities may allow a remote attacker to execute arbitrary code, cause a denial-of-service condition, gain access to sensitive information, or cause an DNS implementation to behave in an unstable/unpredictable manner.


Exploitation of some of these vulnerabilities may allow a remote attacker to take control of a DNS server. Once a DNS server compromised, the attacker may be able to launch attacks on other, unaffected DNS servers.

Solution

Apply a patch from an affected product vendor

Vendor Information

955777
 
Affected   Unknown   Unaffected

F5 Networks, Inc.

Notified:  April 26, 2006 Updated:  May 03, 2006

Status

  Vulnerable

Vendor Statement

F5's 3-DNS and GTM products are vulnerable to the same extent that BIND itself is vulernable. F5 products will be patched when ISC relea

ses fixes to BIND.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Juniper Networks, Inc.

Notified:  April 26, 2006 Updated:  April 27, 2006

Status

  Vulnerable

Vendor Statement

The OUSPG PROTOS c09-dns-response test tool was run against all Juniper Networks platforms. JUNOS and ScreenOS were unaffected. Tests against JUNOSe, found on the E-series routers, did

result in an issue with the DNS client code (ref: KA 23381). The issue was resolved in the following JUNOSe updates: 5-3-5p0-2, 6-0-3p0-6, 6-0-4, 6-1-3p0-1, 7-0-1p0-7, 7-0-2, 7-1-0p0-1,
7-1-1. Later JUNOSe releases are unaffected.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Openwall GNU/*/Linux

Notified:  April 26, 2006 Updated:  May 10, 2006

Status

  Vulnerable

Vendor Statement

Openwall GNU/*/Linux (Owl) 2.0 contains BIND 9 and a DNS resolver as a part of the GNU C Library (glibc), both with our modifications. Owl 1.1 and earlier releases did not include BIND.

Although there's limited information on these vulnerabilities available, we believe that the BIND 9 package in Owl is affected to the same (very limited) extent that is documented in the statement from the ISC found in the PDF version of the NISCC Vulnerability Advisory 144154/NISCC/DNS and that the DNS resolver in glibc is not affected at all.

Assuming that the ISC's description of the issue is correct, we agree with the ISC's assessment of this issue as minor enough to not require updates for current and past releases. Instead, a fix is expected to be included in a future release of BIND - and we are going to similarly include that in a future release of Owl.

The ISC's description of the issue implies that for the attack to work the DNS server must be configured to use TSIG-based authentication of transactions and the attacker must in fact authenticate successfully. Thus, it appears that the attack may only be carried out via a related previously compromised DNS server and only if both servers are configured to use TSIG-based authentication. The impact of a successful attack is limited to denial of the DNS service.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hewlett-Packard Company

Notified:  April 26, 2006 Updated:  May 10, 2006

Status

  Not Vulnerable

Vendor Statement

HP-UX 11.X - not vulnerable

Tru64 UNIX - not vulnerable

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hitachi

Notified:  April 26, 2006 Updated:  May 01, 2006

Status

  Not Vulnerable

Vendor Statement

AlaxalA Networks AX series, Hitachi GR2000/GR4000/GS4000/GS3000 and Hitachi HI-UX are NOT vulnerable to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ricoh Corporation

Updated:  May 23, 2006

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Apple Computer, Inc.

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Conectiva Inc.

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Cray Inc.

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Debian GNU/Linux

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

EMC, Inc. (formerly Data General Corporation)

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Engarde Secure Linux

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fedora Project

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

FreeBSD, Inc.

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fujitsu

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Gentoo Linux

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation (zseries)

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM eServer

Notified:  April 26, 2006 Updated:  April 27, 2006

Status

  Unknown

Vendor Statement

For information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to

https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID=

In order to access this information you will require a Resource Link ID. To subscribe to Resource Link go to

http://app-06.www.ibm.com/servers/resourcelink

and follow the steps for registration.

All questions should be referred to servsec@us.ibm.com.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Immunix Communications, Inc.

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ingrian Networks, Inc.

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Internet Software Consortium

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Mandriva, Inc.

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Microsoft Corporation

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

MontaVista Software, Inc.

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NEC Corporation

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NetBSD

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Nokia

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Novell, Inc.

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

OpenBSD

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

QNX, Software Systems, Inc.

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Red Hat, Inc.

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

SUSE Linux

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Silicon Graphics, Inc.

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Slackware Linux Inc.

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sony Corporation

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sun Microsystems, Inc.

Notified:  April 26, 2006 Updated:  May 22, 2006

Status

  Unknown

Vendor Statement

Sun Microsystems is currently investigating the impact of the OUSPG DNS test suite to Sun's products. If any issues are identified, Sun will publish Sun Alerts which will include details of the impact and

suggested resolution for those issues.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Trustix Secure Linux

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Turbolinux

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ubuntu

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Unisys

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Wind River Systems, Inc.

Notified:  April 26, 2006 Updated:  April 26, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

These vulnerabilities were reported by NISCC and Oulu University Secure Programming Group (OUSPG)

This document was written by Jeff Gennari.

Other Information

CVE IDs: None
Severity Metric: 19.13
Date Public: 2006-04-25
Date First Published: 2006-04-28
Date Last Updated: 2006-05-23 12:43 UTC
Document Revision: 37

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.