SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   BIND Vendors:   ISC (Internet Software Consortium)
(ISC Issues Fix for BIND) OpenSSL ASN.1 Bugs, SSL_get_shared_ciphers() Buffer Overflow, and SSLv2 Client Error Lets Remote Users Denial of Service or Execute Arbitrary Code
SecurityTracker Alert ID:  1017158
SecurityTracker URL:  http://securitytracker.com/id/1017158
CVE Reference:   CVE-2006-2937, CVE-2006-2940   (Links to External Site)
Date:  Nov 4 2006
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.x
Description:   Several vulnerabilities were reported in OpenSSL. A remote user can cause denial of service conditions. A remote user can execute arbitrary code on the target system. BIND is affected.

A remote user can send specially crafted, invalid ASN.1 structures to trigger an infinite loop [CVE-2006-2937]. As a result, the process will consume excessive system memory. Versions prior to 0.9.7 are not affected.

A remote user can use certain types of public keys to cause the target system to take a disproportionate amount of time to process [CVE-2006-2940].

Dr. S. N. Henson developed the ASN.1 test suite for NISCC that uncovered these denial of service vulnerabilities.

A user can send a specially crafted list of ciphers to an application that uses the SSL_get_shared_ciphers() function to trigger a buffer overflow and potentially execute arbitrary code [CVE-2006-3738]. The vendor credits Tavis Ormandy and Will Drewry of the Google Security Team with reporting this vulnerability.

A remote server can cause a connected SSLv2 client to crash [CVE-2006-4343]. The vendor credits Tavis Ormandy and Will Drewry of the Google Security Team with reporting this vulnerability.
Impact:   A remote user can execute arbitrary code on the target system.

A remote user can cause denial of service conditions.
Solution:   BIND is affected by the CVE-2006-2937 and CVE-2006-2940 OpenSSL vulnerabilities (OpenSSL is required to use DNSSEC with BIND and had been included in earlier versions the BIND distribution).

The vendor has issued the following fixed versions: BIND 9.2.6-P2, BIND 9.3.2-P2, BIND 9.2.7rc3, BIND 9.3.3rc3, and BIND 9.4.0b3.

Upgrade and then generate new RSASHA1 and RSAMD5 keys for all old keys that were using the old default exponent and perform a key rollover to the new keys.
Cause:   Boundary error, Exception handling error, State error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Sep 29 2006 OpenSSL ASN.1 Bugs, SSL_get_shared_ciphers() Buffer Overflow, and SSLv2 Client Error Lets Remote Users Denial of Service or Execute Arbitrary Code


 Source Message Contents
Date:  Sat, 4 Nov 2006 00:33:47 -0500
Subject:  BIND



From NISCC:

Title
=====

Internet Systems Consortium Security Advisory: BIND 9: OpenSSL Vulnerabilities.
                            
Detail
======

Because of OpenSSL's recently announced vulnerabilities
(CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
we are announcing this workaround and releasing patches.  A proof of
concept attack on OpenSSL has been demonstrated for CAN-2006-4339.
OpenSSL is required to use DNSSEC with BIND.  ISC had included
the OpenSSL library in the BIND distribution, and in more recent
versions, the OpenSSL library was required, but no longer a part
of the distribution.



               Internet Systems Consortium Security Advisory.
                   BIND 9: OpenSSL Vulnerabilities.
                             31 October 2006

Versions affected:
	BIND 9.0.x (all versions of BIND 9.0)
	BIND 9.1.x (all versions of BIND 9.1)
	BIND 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.6-P1,
	     9.2.7b1, 9.2.7rc1 and 9.2.7rc2
	BIND 9.3.0, 9.3.1, 9.3.2, 9.3.2-P1, 9.3.3b1, 9.3.3rc1 and 9.3.3rc2
        BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6, 9.4.0b1
	     and 9.4.0b2

Severity: Moderate (see below)
Exploitable: Remotely

Description:

	Because of OpenSSL's recently announced vulnerabilities
	(CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
	we are announcing this workaround and releasing patches.  A proof of
	concept attack on OpenSSL has been demonstrated for CAN-2006-4339.

	OpenSSL is required to use DNSSEC with BIND.  ISC had included
        the OpenSSL library in the BIND distribution, and in more recent
	versions, the OpenSSL library was required, but no longer a part
	of the distribution.

Workaround:

	Recompile named with a known good version of OpenSSL.
	OpenSSL 0.9.8d and 0.9.7l or greater are known to be good
	versions.

	For both KEY and DNSKEY resource record types, Generate
	RSASHA1 and RSAMD5 keys using the -e option to dnssec-keygen
	if the current keys were generated using the default exponent
	of 3.  You can determine if a key is vulnerable by looking
	at the algorithm (1 or 5) and the first three characters
	of the base64 encoded RSA key.

	RSASHA1 (5) and RSAMD5 (1) keys that start with AQM, AQN, AQO
        or AQP are vulnerable.

	For example, this RSASHA1 (5) key is vulnerable and needs to be
	replaced as the base64 encoded RSA key starts with AQP.

	DNSKEY 256 3 5 ( AQPGP80zt8pQS5xVaaaD054XBet8sCKaYZ9WrnYyuznqNX
			 kS91j6qqHuw7Y9kKAVsFoWfNw0CpahdIJIhUPFM1JRJtXh
		         Ny1cg9Ok3kBnN+fwCe2LY3qOtweFbL9bSjgolQWr42AlFO
		         jZnJVW1cECgVBfinKHBIEIIwIdHGGuLyIQaQ== )

	Note: the use of RSAMD5 (1) is no longer recommended.

	Once you have generated new keys, use the key rollover
	process of your choice to put them into production. We
	expect your normal (non-emergency) processes to be adequate,
	however, you should do your own risk analysis against the
	costs of exploitation of weak keys and proceed accordingly.

Fix:

	Upgrade to BIND 9.2.6-P2, BIND 9.3.2-P2, BIND 9.2.7rc3,
	BIND 9.3.3rc3 or BIND 9.4.0b3 then generate new RSASHA1 and
	RSAMD5 keys for all old keys using the old default exponent
	and perform a key rollover to these new keys.  See above
	for how to determine if you are using the old default exponent.

	These new versions of named check that the OpenSSL version meet
	the mininum revision levels at configure time -- for Windows,
	compile time.

	These versions also change the default RSA exponent to be
	65537 which is not vulnerable to the attacks described in
	CAN-2006-4339.

Revision History:

	20061102: Corrected fixed version number from BIND 9.2.3-P2
	to BIND 9.3.2-P2.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC