ISS X-Force Database: bind-named-dns-dos(19062): BIND named DNA datagram denial of service

BIND named DNA datagram denial of service

bind-named-dns-dos (19062)

Low Risk

Description:

BIND (the Berkeley Internet Name Daemon) is vulnerable to a denial of service attack, caused by a vulnerability in the authvalidated function. If DNSSEC validation is enabled, which is not the default setting, a remote attacker could send a specially-crafted DNS datagram to cause the named process to crash.

Platforms Affected:

ISC, BIND 9.3.0
MandrakeSoft, Mandrake Linux 10.1 X86_64
MandrakeSoft, Mandrake Linux 10.1
RedHat, Linux

Remedy:

Upgrade to the latest version of BIND (9.3,1 or later), available from the Internet Software Consortium (ISC) Web site. See References.

— OR —

Contact the NISCC Vulnerability Team for patch information, as listed in NISCC Vulnerability Advisory 731920. See References.

Consequences:

Denial of Service

References:

CIAC INFORMATION BULLETIN P-114, BIND: Self Check Failing at http://www.ciac.org/ciac/bulletins/p-114.shtml.
FreeBSD Security Advisory FreeBSD-SA-05:12.bind9, BIND 9 DNSSEC remote denial of service vulnerability at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:12.bind9.asc.
Internet Software Consortium (ISC) Web site, BIND (Berkeley Internet Name Domain) page at http://www.isc.org/products/BIND/.
NISCC Vulnerability Advisory 731920, Vulnerability Issues with the BIND 9 Software at http://www.uniras.gov.uk/niscc/docs/al-20050125-00060.html?lang=en.
BID-12365: BIND Validator Self Checking Remote Denial Of Service Vulnerability
CVE-2005-0034: An incorrect assumption in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail.
MDKSA-2005:023: Updated bind packages fix vulnerability
SA14008: BIND Validator Denial of Service Vulnerability
SECTRACK ID: 1012995: BIND 9 Validator Assumption Error May Let Remote Users Deny Service
US-CERT VU#938617: BIND 9.3.0 vulnerable to denial of service in validator code

Reported:

Jan 25, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page