SecurityTracker.com

SecurityTracker
Archives


 






Category:   Application (Generic)  >   BIND
Vendors:   ISC (Internet Software Consortium)
BIND 9 Validator Assumption Error May Let Remote Users Deny Service
SecurityTracker Alert ID:  1012995
SecurityTracker URL:  http://securitytracker.com/id/1012995
CVE Reference:   CAN-2005-0034
Date:  Jan 25 2005
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 9.3.0 only
Description:   A vulnerability was reported in BIND 9. A user may be able to cause denial of service conditions.

NISCC reported that a user may be able to trigger a crash in 'named' due to an incorrect assumption in the validator, causing an internal consistency test to fail. The named process may terminate abnormally.

No further details were provided.

Impact:   A remote user may be able to cause named to crash.
Solution:   The vendor has released a fixed version (9.3.1), available at:

http://www.isc.org/sw/bind/

The vendor has described the following workaround:

- Disable dnssec validation (off by default) at the Options/View level
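
The workaround above, as an added check that is not part of the original advisory or ISC's code: it scans a named.conf for options/view blocks where DNSSEC is still switched on while the server is the affected 9.3.0 build. It assumes the 9.3-series statement name `dnssec-enable`, which the page does not give; the sample configuration and function names are constructed for illustration.

```python
import re

AFFECTED_VERSION = "9.3.0"  # the advisory lists 9.3.0 only
OPTION = "dnssec-enable"    # assumed 9.3-series statement; not named on the page

# Constructed sample configuration, not from a real deployment.
SAMPLE_CONF = '''
options {
    directory "/var/named";  // a comment mentioning dnssec-enable yes; is ignored
    dnssec-enable no;
};
view "internal" {
    dnssec-enable yes;       # workaround not applied in this view
    zone "example.test" { type master; file "example.test.db"; };
};
view "external" { recursion no; };
'''

# Quoted strings and comments are matched before punctuation and bare words.
TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|(?://|#)[^\n]*|[{};]|[^\s{};"]+', re.S)

def dnssec_settings(conf):
    """Map each options/view block to its own dnssec-enable value (None if unset)."""
    found, stack, stmt = {}, [], []
    for tok in TOKEN.findall(conf):
        if tok.startswith(("//", "#", "/*")):
            continue
        if tok == "{":
            name = " ".join(stmt)
            if not stack and name.startswith(("options", "view")):
                found.setdefault(name, None)
            stack.append(name)
        elif tok == ";" and len(stack) == 1 and stack[0] in found:
            if len(stmt) == 2 and stmt[0] == OPTION:
                found[stack[0]] = stmt[1].lower()
        elif tok == "}" and stack:
            stack.pop()
        stmt = [] if tok in ("{", "}", ";") else stmt + [tok]
    return found

def exposed_scopes(version, conf):
    """List blocks where dnssec-enable is effectively yes on an affected build."""
    if version != AFFECTED_VERSION:
        return []
    settings = dnssec_settings(conf)
    inherited = settings.get("options") or "no"  # off by default per the advisory
    views = {k: v or inherited for k, v in settings.items() if k != "options"}
    effective = views or {"options": inherited}
    return sorted(k for k, v in effective.items() if v == "yes")
```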

Vendor URL:  www.isc.org/
Cause:   Exception handling error, Input validation error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 9 2005 (FreeBSD Issues Fix) BIND 9 Validator Assumption Error May Let Remote Users Deny Service   (FreeBSD Security Advisories <security-advisories@freebsd.org>)
FreeBSD has released a fix.



 Source Message Contents

Date:  Tue, 25 Jan 2005 15:27:47 -0500
Subject:  [none]


NISCC Vulnerability Advisory 731920/NISCC/BIND9

Vulnerability Issues with the BIND 9 Software

Version Information
-------------------
Advisory Reference  731920/NISCC/BIND9
Release Date	    25 Jan 2005
Last Revision	    21 Jan 2005
Version Number	    1.0

What is affected?
-----------------
The vulnerability only affects BIND v9.3.0.

Severity 
--------
This is rated as low, although if exploited this could potentially result in a 
denial-of-service.

Summary
-------
A weakness in the self-check function of BIND 9 has been discovered by the Internet 
Systems Consortium, Inc. (ISC).

ISC have solutions available that can rectify these issues; please refer to the 
'Solution' section for further information.

[Please note that revisions to this advisory will not be notified by email. All 
subscribers are advised to regularly check the NISCC website 
(http://www.niscc.gov.uk/niscc/vulnAdv-en.html) for updates to this notice.]

Details
-------
CVE ID: CAN-2005-034

An incorrect assumption in the validator can result in an internal consistency test failing
and this can cause named to terminate abnormally.

Mitigation
----------
ISC have recommended the following work-around:

- Disable dnssec validation (off by default) at the Options/View level

Solution
--------
ISC have released an updated version of BIND to rectify this issue:

- BIND 9.3.1

This is available from the ISC website at http://www.isc.org/sw/bind/.

ISC have also produced a patch for users who cannot upgrade to BIND 9.3.1; please contact
the NISCC Vulnerability Team at vulteam@niscc.gov.uk if you wish to receive the patch.

Vendor Information
------------------
Internet Systems Consortium, Inc. (ISC) is a non-profit public benefit corporation 
dedicated to supporting the infrastructure of the Internet. Please visit
http://www.isc.org for further information regarding ISC.

Credits
-------
The NISCC Vulnerability Team would like to thank ISC for reporting this issue to NISCC and 
for their assistance in the handling of this vulnerability.

Contact Information
-------------------
The NISCC Vulnerability Management Team can be contacted as follows:

Email	   vulteam@niscc.gov.uk 
           Please quote the advisory reference in the subject line

Telephone  +44 (0)870 487 0748 Ext 4511
           Monday - Friday 08:30 - 17:00

Fax	   +44 (0)870 487 0749

Post	   Vulnerability Management Team
           NISCC
           PO Box 832
           London
           SW1P 1BG

We encourage those who wish to communicate via email to make use of our PGP key. This is available 
from http://www.niscc.gov.uk/niscc/publicKey2-en.pop.

Please note that UK government protectively marked material should not be sent to the email address 
above. 

If you wish to be added to our email distribution list please email your request to 
uniras@niscc.gov.uk.
 
 

