SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   BIND Vendors:   ISC (Internet Software Consortium)
(Solaris is Affected) Re: BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions
SecurityTracker Alert ID:  1008320
SecurityTracker URL:  http://securitytracker.com/id/1008320
CVE Reference:   CAN-2003-0914   (Links to External Site)
Date:  Nov 27 2003
Impact:   Denial of service via network
Vendor Confirmed:  Yes  
Version(s): 8.4.2 and prior versions
Description:   A vulnerability was reported in BIND 8. A remote user can introduce invalid DNS records to cause denial of service conditions.

It is reported that a remote user can conduct a cache poisoning attack by causing the target server to retain invalid negative responses. A temporary denial of service may occur until the invalid record expires from the cache.

No further details were provided.
Impact:   A remote user can cause denial of service conditions.
Solution:   Sun reports that Solaris is affected and that a resolution is pending.
Vendor URL:  sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57434 (Links to External Site)
Cause:   Input validation error
Underlying OS:   UNIX (Solaris - SunOS)

Message History:   This archive entry is a follow-up to the message listed below.
Nov 27 2003 BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions


 Source Message Contents
Date:  Thu, 27 Nov 2003 13:07:47 -0500
Subject:  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57434


http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57434

57434   Remote Denial-Of-Service Vulnerability in BIND DNS Daemon (in.named)   26 Nov 2003

Sun reported that the Domain Name Service Daemon (in.named(1M)) on Sun Solaris is affected 
by the BIND 8 negative cache denial of service vulnerability.

This issue corresponds to the security fix addressed in ISC BIND 8.4.2 and8.3.7 releases 
and is mentioned here: http://www.isc.org/products/BIND/bind8.html

Sun has indicated that, as a workaround, you can place required host information in 
another name repository, such as "files" (in "/etc/hosts") and modify nsswitch.conf(4) 
accordingly. See http://docs.sun.com/ for further information.

Sun reports that a final resolution is pending.

-----

Sun Alert ID: 57434
Synopsis: Remote Denial-Of-Service Vulnerability in BIND DNS Daemon (in.named)
Category: Security
Product: Solaris
BugIDs: 4928758
Avoidance: Workaround
State: Committed
Date Released: 26-Nov-2003
Date Closed:
Date Modified:


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC