Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > January 2005 > Vulnerability Issues with the BIND 8 Software

January 2005

Vulnerability Issues with the BIND 8 Software

ID: 00059
Ref: 03/2005
Date: 25 January 2005:12:43:00
Version: 1
Title: Vulnerability Issues with the BIND 8 Software
Abstract: BIND uses a certain array to track nameservers/addresses that have been queried; it is possible to remotely overrun the buffer for this array and hence cause a denial-of-service.
NISCC Vulnerability Advisory 454305/NISCC/BIND8

Vulnerability Issues with the BIND 8 Software

Version Information
-------------------
Advisory Reference 454305/NISCC/BIND8
Release Date 25 Jan 2005
Last Revision 21 Jan 2005
Version Number 1.0

What is affected?
-----------------
The vulnerability only affects BIND v8.4.4 and v8.4.5.

Severity
--------
This is rated as low, although if exploited this could potentially result in a
denial-of-service.

Summary
-------
A remote buffer overrun vulnerability concerning BIND 8 has been discovered by the Internet
Systems Consortium, Inc. (ISC).

ISC have solutions available that can rectify these issues, please refer to the
'Solution' section for further information.

[Please note that revisions to this advisory will not be notified by email. All
subscribers are advised to regularly check the NISCC website
(http://www.niscc.gov.uk/niscc/vulnAdv-en.html) for updates to this notice.]

Details
-------
CVE ID: CAN-2005-0033

BIND uses a certain array to track nameservers/addresses that have been queried; it is possible to remotely overrun the buffer for this array and hence cause a denial-of-service.

Mitigation
----------
ISC have recommended the following work-around:

- Disable recursion and glue fetching

Solution
--------
ISC have released an updated version of BIND to rectify this issue:

- BIND 8.4.6

This is available from the ISC website at http://www.isc.org/sw/bind/.

ISC have also produced a patch for users who cannot upgrade to BIND 8.4.6; please contact
the NISCC Vulnerability Team at vulteam@niscc.gov.uk if you wish to receive the patch.

Vendor Information
------------------
Internet Systems Consortium, Inc. (ISC) is a non-profit public benefit corporation
dedicated to supporting the infrastructure of the Internet. Please visit
http://www.isc.org for further information regarding ISC.

Credits
-------
The NISCC Vulnerability Team would like to thank ISC for reporting this issue to NISCC and
for their assistance in the handling of this vulnerability.

Contact Information
-------------------
The NISCC Vulnerability Management Team can be contacted as follows:

Email vulteam@niscc.gov.uk
Please quote the advisory reference in the subject line

Telephone +44 (0)870 487 0748 Ext 4511
Monday - Friday 08:30 - 17:00

Fax +44 (0)870 487 0749

Post Vulnerability Management Team
NISCC
PO Box 832
London
SW1P 1BG

We encourage those who wish to communicate via email to make use of our PGP key. This is available from http://www.niscc.gov.uk/niscc/publicKey2-en.pop.

Please note that UK government protectively marked material should not be sent to the email address above.

If you wish to be added to our email distribution list please email your request to uniras@niscc.gov.uk.

  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |