JPCERT-AT-2011-0019
JPCERT/CC
2011-07-06 (First edition)
2011-07-08 (Updated)
<<< JPCERT/CC Alert 06.07.11 >>>
ISC BIND 9 DoS Vulnerability of Authoritative and Recursive Servers
https://www.jpcert.or.jp/at/2011/at110019.txt
I. Overview
ISC BIND 9 contains a vulnerability that will cause a Denial of
Service (DoS).
As a result, a remote attacker could easily initiate a Denial of
Service (DoS) attack on DNS servers (authoritative DNS servers and
cache DNS servers) running BIND 9 by sending specially crafted DNS
packets to the servers.
Internet Systems Consortium, Inc. (ISC)
ISC BIND 9 Remote packet Denial of Service against Authoritative and Recursive Servers
https://www.isc.org/software/bind/advisories/cve-2011-2464
This vulnerability is applicable with many of the DNS servers
(authoritative DNS servers and cache DNS servers) running BIND 9.
This vulnerability cannot be mitigated using the access control
features of ISC BIND 9. Therefore, temporary mitigation is difficult,
and since attacks can be initiated based on vulnerability information
pubished on the Internet, we recommend quickly deploying the corrected
version based on "III. Solution."
ISC has also published vulnerability information with regard to BIND
9.8 (CVE-2011-2465). BIND 9.8 may unintentionally terminate its
service when it is run as a cache DNS server with the RPZ feature
enabled. For more information, refer to information from ISC.
Internet Systems Consortium, Inc. (ISC)
ISC BIND 9 Remote Crash with Certain RPZ Configurations
https://www.isc.org/software/bind/advisories/cve-2011-2465
II. Products Affected
According to ISC, the following versions may be affected by this
vulnerability.
ISC BIND
- 9.6.3, 9.6-ESV-R4, 9.6-ESV-R4-P1, 9.6-ESV-R5b1
- 9.7.0, 9.7.0-P1, 9.7.0-P2, 9.7.1, 9.7.1-P1, 9.7.1-P2, 9.7.2,
9.7.2-P1, 9.7.2-P2, 9.7.2-P3, 9.7.3, 9.7.3-P1, 9.7.3-P2, 9.7.4b1
- 9.8.0, 9.8.0-P1, 9.8.0-P2, 9.8.0-P3, 9.8.1b1
Note that versions 9.5.3b1 and 9.5.3rc1 which are no longer
supported are also affected by this vulnerability.
* Versions other than BIND 9 listed above are not affected by this
vulnerability.
Those who are using BIND versions provided by distributors should
refer to information provided by the distributors.
III. Solution
ISC has released BIND versions that correct this vulnerability.
Additionally, corrected versions are also being provided by several
distributors. We recommend quickly deploying the corrected version
after thorough testing.
The corrected versions are as follows:
ISC BIND
- 9.6-ESV-R4-P3
- 9.7.3-P3
- 9.8.0-P4
IV. References
Internet Systems Consortium, Inc. (ISC)
ISC BIND 9 Remote packet Denial of Service against Authoritative and Recursive Servers
https://www.isc.org/software/bind/advisories/cve-2011-2464
Internet Systems Consortium, Inc. (ISC)
ISC BIND 9 Remote Crash with Certain RPZ Configurations
https://www.isc.org/software/bind/advisories/cve-2011-2465
Japan Registry Services Co., Ltd. (JPRS)
(Critical) Denial of Service (DoS) attacks exploiting a vulnerability in BIND 9.x
http://jprs.jp/tech/security/2011-07-05-bind9-vuln-remote-packet-auth-and-recurse.html
Japan Registry Services Co., Ltd. (JPRS)
BIND 9.8.x service interruption caused by an implemenation defect in its RPZ (Response Policy Zones) feature
http://jprs.jp/tech/security/2011-07-05-bind98-vuln-rpz-dname.html
US-CERT Vulnerability Note VU#142646
ISC BIND 9 named denial of service vulnerability
http://www.kb.cert.org/vuls/id/142646
US-CERT Vulnerability Note VU#137968
ISC BIND 9 RPZ zone named denial-of-service vulnerability
http://www.kb.cert.org/vuls/id/137968
*** Update: Added on July 8, 2011 ************************************
JVNVU#142646
ISC BIND Denial of Service (DoS) vulnerability
https://jvn.jp/cert/JVNVU142646/
JVNVU#137968
ISC BIND 9.8.x Denial of Service (DoS) vulnerability
https://jvn.jp/cert/JVNVU137968/
Red Hat Network
Important: bind security update
https://rhn.redhat.com/errata/RHSA-2011-0926.html
**********************************************************************
Debian
DSA-2272-1 bind9 -- denial of service
http://www.debian.org/security/2011/dsa-2272
http://www.debian.org/security/2011/dsa-2272.en.html
Ubuntu
Ubuntu Security Notice USN-1163-1
http://www.ubuntu.com/usn/usn-1163-1/
If you have any further questions or information regarding this
alert, please contact JPCERT/CC.
________
Revision history
2011-07-06 First edition
2011-07-08 Added reference information
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/
Top