From: SecuriTeam <support@securiteam.com.>
To: [email protected]
Date: 10 Sep 2006 15:08:55 +0200
Subject: [UNIX] BIND 9 Multiple DoS Vulnerabilities
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20060910142543.14BF7577E@mail.tyumen.ru.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
BIND 9 Multiple DoS Vulnerabilities
------------------------------------------------------------------------
SUMMARY
BIND (Berkeley Internet Name Domain) is an implementation of the Domain
Name System (DNS) protocols and provides an openly redistributable
reference implementation of the major components of the Domain Name
System".
Several remotely exploitable DoS vulnerabilities have been discovered in
bind 9.
DETAILS
Vulnerable Systems:
* BIND 9.3.x and 9.4.x
Immune Systems:
* BIND 9.4.0b2, BIND 9.3.3rc2, BIND 9.3.2-P1, BIND 9.2.7rc1 or BIND
9.2.6-P1 (or later).
Note for BIND 9.2.x: Code handling this path for 9.2.x has been determined
to be wrong, though ISC has not been able to detect an execution path that
would trigger the erroneous code in 9.2.x. Nonetheless a patch is
provided.
Description:
SIG Query Processing (CVE-2006-4095):
Recursive servers:
Queries for SIG records will trigger a assertion failure if more than one
SIG (covered) RRset is returned. Exposure can be minimized by restricting
sources that can ask for recursion.
Authoritative servers:
If a nameserver is serving a RFC 2535 DNSSEC zone and is queried for the
SIG records where the are multiple SIG(covered) RRsets (e.g. a zone apex)
then named will trigger a assertion failure when it trys to construct the
response.
Excessive Recursive Queries INSIST failure (CVE-2006-4096):
It is possible to trigger a INSIST failure by sending enough recursive
queries that the response to the query arrives after all the clients
looking for the response have left the recursion queue. Exposure can be
minimized by restricting sources that canask for recursion.
Workarounds:
None
Patch Availability:
Upgrade to BIND 9.4.0b2, BIND 9.3.3rc2, BIND 9.3.2-P1, BIND 9.2.7rc1 or
BIND 9.2.6-P1 (or later).
<http://www.isc.org/sw/bind/ > http://www.isc.org/sw/bind/
ADDITIONAL INFORMATION
The information has been provided by the <http://www.isc.org/>; ISC.
For the original advisory please visit:
<http://www.isc.org/index.pl?/sw/bind/bind-security.php>;
http://www.isc.org/index.pl?/sw/bind/bind-security.php.
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: [email protected]
In order to subscribe to the mailing list, simply forward this email to: [email protected]
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
