SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   BIND Vendors:   ISC (Internet Software Consortium)
ISC BIND Resolver Resource Consumption Flaw Lets Remote Users Deny Service
SecurityTracker Alert ID:  1031311
SecurityTracker URL:  http://securitytracker.com/id/1031311
CVE Reference:   CVE-2014-8500   (Links to External Site)
Date:  Dec 9 2014
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.0.x - 9.8.x, 9.9.0 - 9.9.6, 9.10.0 - 9.10.1
Description:   A vulnerability was reported in ISC BIND. A remote user can cause denial of service conditions.

A remote user can send queries for domains that are in certain configurations (e.g., with difficult to resolve domain names) to consume excessive resources on the target system. This may cause the target 'named' service to crash.

Recursive resolvers are affected.

Authoritative servers may be affected if a remote user has control of a delegation traversed by the authoritative server in servicing the zone.

Florian Maury of ANSSI reported this vulnerability.

Impact:   A remote user can cause excessive resource consumption on the target system, which may cause the target 'named' service to crash.
Solution:   The vendor has issued a fix (9.9.6-P1, 9.10.1-P1).

The vendor's advisory is available at:

https://kb.isc.org/article/AA-01216/

Vendor URL:  kb.isc.org/article/AA-01216/ (Links to External Site)
Cause:   Resource error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Dec 10 2014 (Ubunut Issues Fix) ISC BIND Resolver Resource Consumption Flaw Lets Remote Users Deny Service
Ubuntu has issued a fix for Ubuntu 10.04 LTS, 12.04 LTS, 14.04 LTS, and 14.10.
Dec 11 2014 (FreeBSD Issues Fix) ISC BIND Resolver Resource Consumption Flaw Lets Remote Users Deny Service
FreeBSD has issued a fix for FreeBSD 8.4, 9.1, 9.2, and 9.3.
Dec 11 2014 (BlueCat Issues Fix for Adonis) ISC BIND Resolver Resource Consumption Flaw Lets Remote Users Deny Service
BlueCat has issued a fix for BlueCat Adonis.
Dec 12 2014 (Red Hat Issues Fix) ISC BIND Resolver Resource Consumption Flaw Lets Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 5, 6, and 7.
Jan 21 2015 (HP Issues Fix for HP-UX) ISC BIND Resolver Resource Consumption Flaw Lets Remote Users Deny Service
HP has issued a fix for HP-UX 11.31.
Feb 28 2015 (IBM Issues Fix for IBM AIX) ISC BIND Resolver Resource Consumption Flaw Lets Remote Users Deny Service
IBM has issued a fix for IBM AIX 5.3, 6.1, and 7.1.
Apr 11 2015 (Juniper Issues Fix for Juniper Junos) ISC BIND Resolver Resource Consumption Flaw Lets Remote Users Deny Service
Juniper has issued a fix for Juniper Junos.
Jul 31 2015 (Oracle Issues Fix for Oracle Linux) ISC BIND Resolver Resource Consumption Flaw Lets Remote Users Deny Service
Oracle has issued a fix for Oracle Linux 5.
Sep 4 2015 (Oracle Issues Fix for Oracle Linux) ISC BIND Resolver Resource Consumption Flaw Lets Remote Users Deny Service
Oracle has issued a fix for Oracle Linux 5.
Sep 4 2015 (Oracle Issues Fix for Oracle Linux bind97) ISC BIND Resolver Resource Consumption Flaw Lets Remote Users Deny Service
Oracle has issued a fix for bind97 for Oracle Linux 5.
Dec 17 2015 (Oracle Issues Fix for Oracle Linux) ISC BIND Resolver Resource Consumption Flaw Lets Remote Users Deny Service
Oracle has issued a fix for Oracle Linux 5.
Dec 17 2015 (Oracle Issues Fix for Oracle Linux) ISC BIND Resolver Resource Consumption Flaw Lets Remote Users Deny Service
Oracle has issued a fix for Oracle Linux 5.
Jan 28 2016 (Red Hat Issues Fix) ISC BIND Resolver Resource Consumption Flaw Lets Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 6.4 and 6.5.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC