SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   BIND Vendors:   ISC (Internet Software Consortium)
BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions
SecurityTracker Alert ID:  1008313
SecurityTracker URL:  http://securitytracker.com/id/1008313
CVE Reference:   CAN-2003-0914   (Links to External Site)
Date:  Nov 27 2003
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.4.2 and prior versions
Description:   A vulnerability was reported in BIND 8. A remote user can introduce invalid DNS records to cause denial of service conditions.

It is reported that a remote user can conduct a cache poisoning attack by causing the target server to retain invalid negative responses. A temporary denial of service may occur until the invalid record expires from the cache.

No further details were provided.
Impact:   A remote user can cause denial of service conditions.
Solution:   The vendor has released a fixed version (8.4.3), available at:

ftp://ftp.isc.org/isc/bind/src/8.4.3
Vendor URL:  isc.org/products/BIND/ (Links to External Site)
Cause:   Input validation error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 27 2003 (Immunix Issues Fix) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   (Immunix Security Team <security@immunix.com>)
Immunix has released a fix.
Nov 27 2003 (EnGarde Issues Fix) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   (engarde-announce-admins@guardiandigital.com)
Guardian Digital has released a fix for EnGarde.
Nov 27 2003 (FreeBSD Issues Fix) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   ("Jacques A. Vidrine" <nectar@freebsd.org>)
FreeBSD has released a fix.
Nov 27 2003 (Solaris is Affected) Re: BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions
Sun Solaris is affected by this flaw.
Nov 28 2003 (Trustix Issues Fix) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   (Trustix Security Advisor <tsl@trustix.org>)
Trustix has released a fix.
Nov 28 2003 (SuSE Issues Fix) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   (Thomas Biege <thomas@suse.de>)
SuSE has released a fix.
Nov 28 2003 (FreeBSD Issues Fix) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   (FreeBSD Security Advisories <security-advisories@freebsd.org>)
FreeBSD has released a fix.
Dec 1 2003 (HP Issues Preliminary Fix) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   (support_feedback@us-support2-mail.external.hp.com (IT Resource Center ))
HP has released a preliminary update.
Dec 2 2003 (HP Issues Early Release Patches) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   ("Webb, Nigel (SSRT)" <nigelwebb@hp.com>)
HP has released Early Release Patches (ERPs) for Tru64 UNIX.
Dec 2 2003 (SCO Issues Fix for UnixWare) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   (security@sco.com)
SCO has issued a fix for UnixWare 7.1.1.
Dec 3 2003 (IBM Issues Fix) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions
IBM issued a fix for AIX.
Dec 18 2003 (NetBSD Issues Fix) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   (NetBSD Security Officer <security-officer@NetBSD.org>)
NetBSD has issued a fix.
Jan 6 2004 (Debian Issues Fix) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   (Matt Zimmerman <mdz@debian.org>)
Debian has released a fix.
Feb 2 2004 (HP Issues Fix for HP OpenVMS) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions   ("Webb, Nigel (SSRT)" <nigelwebb@hp.com>)
HP has released resolution files for HP OpenVMS.


 Source Message Contents
Date:  Wed, 26 Nov 2003 20:00:43 -0500
Subject:  BIND security update


A vulnerability was reported in BIND.  A remote user can conduct a cache poisoning attack 
by causing the target server to retain invalid negative responses.  A temporary denial of 
service may occur until the invalid record expires from the cache.

CVE: CAN-2003-0914


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC