ID: 3868
Date: 29/07/2009
Title: 3868 - ISC BIND 9 vulnerable to denial of service via dynamic update request
Platform level affected:Net Application - Enterprise
Hardware components affected:Intel PC
Specific operating systems components affected: Unix
Net-enabled software: Other
Other software: Other
Remediation Summary:Update your copy of the software with the download available from the supplier.
Vendors affected:ISC
Applications affected:BIND
Adversity source: Unknown
Attack Vector: DoS
Virulence: Unknown
Warning Status: Active
Potential Damage: Network DOS
Possible Duration: Unknown
Availability of fix: Available
Type of fix: Patch
Source: US-CERT
Reliability of source: Trusted
Source URL: http://www.kb.cert.org/vuls/id/725188
CVE: CVE-2009-0696
Abstract: ISC BIND 9 contains a vulnerability that may allow a remote, unauthenticated attacker to create a denial-of-service condition.
Overview
ISC BIND 9 contains a vulnerability that may allow a remote, unauthenticated attacker to create a denial-of-service condition.
I. Description
The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC). It includes support for dynamic DNS updates as specified in IETF RFC 2136. BIND 9 can crash when processing a specially-crafted dynamic update packet. ISC notes that this vulnerability affects all servers and is not limited to those that are configured to allow dynamic updates.
II. Impact
By sending a specially-crafted dynamic update packet to a BIND 9 server, a remote, unauthenticated attacker can cause a denial of service by causing BIND to crash.
III. Solution
Apply an update
Users who obtain BIND from a third-party vendor, such as their operating system vendor, should see the systems affected portion of this document for a partial list of affected vendors.
This vulnerability is addressed in ISC BIND versions 9.4.3-P3, 9.5.1-P3, and BIND 9.6.1-P1. Users of BIND from the original source distribution should upgrade to one of these versions, as appropriate.
See also https://www.isc.org/node/474.
Systems Affected
|
Vendor |
Status |
Date Notified |
Date Updated |
|
Alcatel-Lucent |
Unknown |
2009-07-28 |
2009-07-28 |
|
Apple Inc. |
Unknown |
2009-07-28 |
2009-07-28 |
|
BlueCat Networks, Inc. |
Unknown |
2009-07-28 |
2009-07-28 |
|
Check Point Software Technologies |
Unknown |
2009-07-28 |
2009-07-28 |
|
Conectiva Inc. |
Unknown |
2009-07-28 |
2009-07-28 |
|
Cray Inc. |
Unknown |
2009-07-28 |
2009-07-28 |
|
Debian GNU/Linux |
Unknown |
2009-07-28 |
2009-07-28 |
|
DragonFly BSD Project |
Unknown |
2009-07-28 |
2009-07-28 |
|
EMC Corporation |
Unknown |
2009-07-28 |
2009-07-28 |
|
Engarde Secure Linux |
Unknown |
2009-07-28 |
2009-07-28 |
|
Ericsson |
Unknown |
2009-07-28 |
2009-07-28 |
|
F5 Networks, Inc. |
Unknown |
2009-07-28 |
2009-07-28 |
|
Fedora Project |
Unknown |
2009-07-28 |
2009-07-28 |
|
FreeBSD, Inc. |
Vulnerable |
2009-07-28 |
2009-07-28 |
|
Fujitsu |
Unknown |
2009-07-28 |
2009-07-28 |
|
Gentoo Linux |
Unknown |
2009-07-28 |
2009-07-28 |
|
Gnu ADNS |
Unknown |
2009-07-28 |
2009-07-28 |
|
GNU glibc |
Unknown |
2009-07-28 |
2009-07-28 |
|
Hewlett-Packard Company |
Unknown |
2009-07-28 |
2009-07-28 |
|
Hitachi |
Unknown |
2009-07-28 |
2009-07-28 |
|
IBM Corporation |
Unknown |
2009-07-28 |
2009-07-28 |
|
IBM eServer |
Unknown |
2009-07-28 |
2009-07-28 |
|
Infoblox |
Unknown |
2009-07-28 |
2009-07-28 |
|
Internet Systems Consortium |
Vulnerable |
2009-07-28 |
2009-07-28 |
|
Juniper Networks, Inc. |
Unknown |
2009-07-28 |
2009-07-28 |
|
Mandriva S. A. |
Unknown |
2009-07-28 |
2009-07-28 |
|
McAfee |
Unknown |
2009-07-28 |
2009-07-28 |
|
Men & Mice |
Unknown |
2009-07-28 |
2009-07-28 |
|
Metasolv Software, Inc. |
Unknown |
2009-07-28 |
2009-07-28 |
|
MontaVista Software, Inc. |
Unknown |
2009-07-28 |
2009-07-28 |
|
NEC Corporation |
Unknown |
2009-07-28 |
2009-07-28 |
|
NetBSD |
Unknown |
2009-07-28 |
2009-07-28 |
|
Nixu |
Unknown |
2009-07-28 |
2009-07-28 |
|
Nokia |
Unknown |
2009-07-28 |
2009-07-28 |
|
Nominum |
Not Vulnerable |
2009-07-28 |
2009-07-28 |
|
Nortel Networks, Inc. |
Unknown |
2009-07-28 |
2009-07-28 |
|
Novell, Inc. |
Unknown |
2009-07-28 |
2009-07-28 |
|
OpenBSD |
Unknown |
2009-07-28 |
2009-07-28 |
|
Openwall GNU/*/Linux |
Unknown |
2009-07-28 |
2009-07-28 |
|
QNX, Software Systems, Inc. |
Unknown |
2009-07-28 |
2009-07-28 |
|
Red Hat, Inc. |
Unknown |
2009-07-28 |
2009-07-28 |
|
SafeNet |
Unknown |
2009-07-28 |
2009-07-28 |
|
Shadowsupport |
Unknown |
2009-07-28 |
2009-07-28 |
|
Silicon Graphics, Inc. |
Unknown |
2009-07-28 |
2009-07-28 |
|
Slackware Linux Inc. |
Unknown |
2009-07-28 |
2009-07-28 |
|
Sony Corporation |
Unknown |
2009-07-28 |
2009-07-28 |
|
Sun Microsystems, Inc. |
Unknown |
2009-07-28 |
2009-07-28 |
|
SUSE Linux |
Unknown |
2009-07-28 |
2009-07-28 |
|
The SCO Group |
Unknown |
2009-07-28 |
2009-07-28 |
|
Turbolinux |
Unknown |
2009-07-28 |
2009-07-28 |
|
Ubuntu |
Unknown |
2009-07-28 |
2009-07-28 |
|
Unisys |
Unknown |
2009-07-28 |
2009-07-28 |
|
Wind River Systems, Inc. |
Unknown |
2009-07-28 |
2009-07-28 |
References
https://www.isc.org/node/474
http://tools.ietf.org/html/rfc2136
http://oldwww.isc.org/sw/bind/view?release=9.4.3-P3&noframes=1
http://oldwww.isc.org/sw/bind/view?release=9.5.1-P3&noframes=1
http://oldwww.isc.org/sw/bind/view?release=9.6.1-P1&noframes=1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975
Credit
Thanks to ISC for reporting this vulnerability.
This document was written by Will Dormann.
Other Information
|
Date Public: |
2009-07-28 |
|
Date First Published: |
2009-07-28 |
|
Date Last Updated: |
2009-07-28 |
|
CERT Advisory: |
|
|
CVE-ID(s): |
CVE-2009-0696 |
|
NVD-ID(s): |
CVE-2009-0696 |
|
US-CERT Technical Alerts: |
|
|
Metric: |
7.87 |
|
Document Revision: |
17 |
This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.
The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.
CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.
Wed, 29 Jul 2009 09:29:00 GMT
Domain affected: Technical