SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  BIND Vendors:  ISC (Internet Software Consortium)
BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions
SecurityTracker Alert ID:  1008313
CVE Reference:  CAN-2003-0914   (Links to External Site)
Date:  Nov 27 2003
Impact:  Denial of service via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): 8.4.2 and prior versions
Description:  A vulnerability was reported in BIND 8. A remote user can introduce invalid DNS records to cause denial of service conditions.

It is reported that a remote user can conduct a cache poisoning attack by causing the target server to retain invalid negative responses. A temporary denial of service may occur until the invalid record expires from the cache.

No further details were provided.
Impact:  A remote user can cause denial of service conditions.
Solution:  The vendor has released a fixed version (8.4.3), available at:

ftp://ftp.isc.org/isc/bind/src/8.4.3
Vendor URL:  isc.org/products/BIND/ (Links to External Site)
Cause:  Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 27 2003 (Immunix Issues Fix) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   (Immunix Security Team <security@immunix.com>)
Immunix has released a fix.
Nov 27 2003 (EnGarde Issues Fix) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   (engarde-announce-admins@guardiandigital.com)
Guardian Digital has released a fix for EnGarde.
Nov 27 2003 (FreeBSD Issues Fix) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   ("Jacques A. Vidrine" <nectar@freebsd.org>)
FreeBSD has released a fix.
Nov 27 2003 (Solaris is Affected) Re: BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions
Sun Solaris is affected by this flaw.
Nov 28 2003 (Trustix Issues Fix) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   (Trustix Security Advisor <tsl@trustix.org>)
Trustix has released a fix.
Nov 28 2003 (SuSE Issues Fix) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   (Thomas Biege <thomas@suse.de>)
SuSE has released a fix.
Nov 28 2003 (FreeBSD Issues Fix) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   (FreeBSD Security Advisories <security-advisories@freebsd.org>)
FreeBSD has released a fix.
Dec 1 2003 (HP Issues Preliminary Fix) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   (support_feedback@us-support2-mail.external.hp.com (IT Resource Center ))
HP has released a preliminary update.
Dec 2 2003 (HP Issues Early Release Patches) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   ("Webb, Nigel (SSRT)" <nigelwebb@hp.com>)
HP has released Early Release Patches (ERPs) for Tru64 UNIX.
Dec 2 2003 (SCO Issues Fix for UnixWare) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   (security@sco.com)
SCO has issued a fix for UnixWare 7.1.1.
Dec 3 2003 (IBM Issues Fix) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions
IBM issued a fix for AIX.
Dec 18 2003 (NetBSD Issues Fix) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   (NetBSD Security Officer <security-officer@NetBSD.org>)
NetBSD has issued a fix.
Jan 6 2004 (Debian Issues Fix) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   (Matt Zimmerman <mdz@debian.org>)
Debian has released a fix.
Feb 2 2004 (HP Issues Fix for HP OpenVMS) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   ("Webb, Nigel (SSRT)" <nigelwebb@hp.com>)
HP has released resolution files for HP OpenVMS.


 Source Message Contents
Date:  Wed, 26 Nov 2003 20:00:43 -0500
Subject:  BIND security update

 

A vulnerability was reported in BIND.  A remote user can conduct a cache poisoning attack 
by causing the target server to retain invalid negative responses.  A temporary denial of 
service may occur until the invalid record expires from the cache.

CVE: CAN-2003-0914


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC