SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   BIND Vendors:   ISC (Internet Software Consortium)
ISC BIND Packet Processing Flaw Lets Remote Users Deny Service
SecurityTracker Alert ID:  1025742
SecurityTracker URL:  http://securitytracker.com/id/1025742
CVE Reference:   CVE-2011-2464   (Links to External Site)
Date:  Jul 5 2011
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.6.3, 9.6-ESV-R4, 9.6-ESV-R4-P1, 9.6-ESV-R5b1 9.7.0, 9.7.0-P1, 9.7.0-P2, 9.7.1, 9.7.1-P1, 9.7.1-P2, 9.7.2, 9.7.2-P1, 9.7.2-P2, 9.7.2-P3, 9.7.3, 9.7.3-P1, 9.7.3-P2, 9.7.4b1 9.8.0, 9.8.0-P1, 9.8.0-P2, 9.8.0-P3, 9.8.1b1
Description:   A vulnerability was reported in ISC BIND. A remote user can cause denial of service conditions.

A remote user can send a specially crafted packet to cause the target 'named' service to exit. Recursive and authoritative servers are affected.

Impact:   A remote user can cause the target DNS service to exit.
Solution:   The vendor has issued a fix (9.6-ESV-R4-P3, 9.7.3-P3, 9.8.0-P4).

The vendor's advisory is available at:

https://www.isc.org/software/bind/advisories/cve-2011-2464

Vendor URL:  www.isc.org/software/bind/advisories/cve-2011-2464 (Links to External Site)
Cause:   State error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 7 2011 (Red Hat Issues Fix) ISC BIND Packet Processing Flaw Lets Remote Users Deny Service   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Enterprise Linux 5 and 6.
Jul 12 2011 (Infoblox Issues Fix for Infoblox NIOS) ISC BIND Packet Processing Flaw Lets Remote Users Deny Service
Infoblox has issued a fix for Infoblox NIOS.
Jul 25 2011 (Oracle Issues Fix for Solaris) ISC BIND Packet Processing Flaw Lets Remote Users Deny Service
Oracle has issued a fix for Solaris 8, 9, 10, and 11 Express.
Jul 27 2011 (NetBSD Issues Fix) ISC BIND Packet Processing Flaw Lets Remote Users Deny Service
NetBSD has issued a fix.
Sep 15 2011 (F5 Issues Fix for BIG-IP) ISC BIND Packet Processing Flaw Lets Remote Users Deny Service
F5 has issued a fix for BIG-IP.
Sep 28 2011 (FreeBSD Issues Fix) ISC BIND Packet Processing Flaw Lets Remote Users Deny Service   (FreeBSD Security Advisories <security-advisories@freebsd.org>)
FreeBSD has issued a fix for FreeBSD 8.2.
Oct 28 2011 (HP Issues Fix for HP-UX) ISC BIND Packet Processing Flaw Lets Remote Users Deny Service
HP has issued a fix for HP-UX.



 Source Message Contents

Date:  Tue, 5 Jul 2011 06:55:16 -0700
Subject:  [Full-disclosure] Security Advisory: CVE-2011-2464 - ISC BIND 9 Remote packet Denial of Service against Authoritative and Recursive Servers

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

ISC BIND 9 Remote packet Denial of Service against Authoritative and
Recursive Servers

A specially constructed packet will cause BIND 9 ("named") to exit,
affecting DNS service.

CVE: CVE-2011-2464

Document Version:  2.0

Posting date: 05 Jul 2011

Program Impacted: BIND

Versions affected:  9.6.3, 9.6-ESV-R4, 9.6-ESV-R4-P1, 9.6-ESV-R5b1 9.7.0,
9.7.0-P1, 9.7.0-P2, 9.7.1, 9.7.1-P1, 9.7.1-P2, 9.7.2, 9.7.2-P1, 9.7.2-P2,
9.7.2-P3, 9.7.3, 9.7.3-P1, 9.7.3-P2, 9.7.4b1 9.8.0, 9.8.0-P1, 9.8.0-P2,
9.8.0-P3, 9.8.1b1

Severity:  High

Exploitable:  Remotely

Description: 

A defect in the affected BIND 9 versions allows an attacker to remotely
cause the "named" process to exit using a specially crafted packet. This
defect affects both recursive and authoritative servers. The code location
of the defect makes it impossible to protect BIND using ACLs configured
within named.conf or by disabling any features at compile-time or run-time.

A remote attacker would need to be able to send a specially crafted packet
directly to a server running a vulnerable version of BIND. There is also
the potential for an indirect attack via malware that is inadvertently
installed and run, where infected machines have direct access to an
organization's nameservers.

CVSS Score: 7.8

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

For more information on the Common Vulnerability Scoring System and to
obtain your specific environmental score please visit:
http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2

Workarounds: 

There are no known workarounds for publicly available servers.
Administrators of servers that are not publicly available may be able to
limit exposure via firewalls and packet filters.

Active exploits: 

ISC knows of no public tools to exploit this defect at the time of this
advisory.

Solution: 

Upgrade to: 9.6-ESV-R4-P3, 9.7.3-P3 or 9.8.0-P4.

Download these versions from the following locations:

ISC releases of BIND 9 software may be downloaded from
http://www.isc.org/software/bind

If you do not obtain your BIND software directly from ISC, contact your
operating system or software vendor for an update.

If you are participating in ISC's beta or release candidate (RC) programs,
please upgrade. ISC Beta/RC testers are expected to remove vulnerable
versions and upgrade. No security advisories are issued for beta / release
candidates once the corresponding final release is made.

In addition, 9.5.3b1 and 9.5.3rc1 are affected although ISC has not
released a final production version of 9.5.3. Note that BIND 9.5 is
End-of-Life, therefore if you are running a pre-release version of 9.5.3 we
recommend upgrading to a supported production version of BIND.

9.6-ESV-R4-P2 is not affected by any known attack vectors, but has been
replaced by 9.6-ESV-R4-P3 which carries a more complete fix

Other versions of BIND 9 not listed in this advisory are not vulnerable to
this problem.

Acknowledgements: 

ISC thanks Roy Arends from Nominet for pin-pointing the exact nature of the
vulnerability. We also thank Ramesh Damodaran of Infoblox for finding a
variation of the attack vector and Mats Dufberg of TeliaSonera Sweden for
confirming additional variants.

Document Revision History:

Version 1.0 - 14 June 2011:  Phase One Disclosure Date
Version 1.1 - 20 June 2011:  Phase Two Disclosure Date with updates.
Version 1.2 - 21 June 2011:  Updates on beta, RC, and clarity editing
Verison 1.3 - 21 June 2011:  Sent Hold Notices to Phase I constituents,
extended Acknowledgments
Version 1.4 - 23 June 2011:  Updated -P versions to include Advanced
Security Patches release to Phase I, and "Upgrade to:" versions
Version 1.5 - 24 June 2011:  Added document URL, sent schedule update to
Phase I constituents.
Version 1.6 - 28 June 2011:  Updated Versions Affected, extended
Acknowledgments, sent Phase I updates
Version 1.7 - 30 June 2011:  Updated attribution text.
Version 1.8 - 4 July 2011: Phase Three and Four Disclosure Date
version 2.0 - 5 July 2011:  Public Disclosure

Do you have Questions? Questions regarding this advisory should go to
security-officer@isc.org.

Do you need Software Support? Questions on ISC's Support services or other
offerings should be sent to sales@isc.org. More information on ISC's
support and other offerings are available at:
http://www.isc.org/community/blog/201102/BIND-support

ISC Security Vulnerability Disclosure Policy: Details of our current
security advisory policy and practice can be found here:
https://www.isc.org/security-vulnerability-disclosure-policy



Legal Disclaimer:: 

Internet Systems Consortium (ISC) is providing this notice on an "AS IS"
basis. No warranty or guarantee of any kind is expressed in this notice and
none should be implied. ISC expressly excludes and disclaims any warranties
regarding this notice or materials referred to in this notice, including,
without limitation, any implied warranty of merchantability, fitness for a
particular purpose, absence of hidden defects, or of non-infringement. Your
use or reliance on this notice or materials referred to in this notice is
at your own risk. ISC may change this notice at any time. 

A stand-alone copy or paraphrase of the text of this document that omits
the document URL is an uncontrolled copy. Uncontrolled copies may lack
important information, be out of date, or contain factual errors.

-----BEGIN PGP SIGNATURE-----
Version: 10.1.0.860

wsBVAwUBThMO/b2X3GOe6MR7AQrt6wf/bj9Cs1WtItSnQ37bSaCjh+FmVJSZLK/L
pzwTKR1Z4NS9riwDHRUgDtSHryT9fQfs4Nt8znpLUe9hyCXcMNy2uYScwyt9Rp1H
hbhauZkQFOQntHP7jc9X4Z6BrySk/YWhfWa2X74CGbt0dYKkpuxIXhfolzTCZ4C2
CK/M8Xgy6669F565GiAgUZu+AGPL3/uutvgCT0ywZXWojpAnkPMxKPNTU690+aQH
bUMVbIZ1HqwNHqFsu4DbGoPzFoSZuW6AyB1L7HNOt+Zt2dnL/ExxfpGi0VP+PAxm
a7Gg3aeC/qktygL3eRxeZ9p/ST8kp6vfSrdrHx3ovdn3ZeRsoiZDtA==
=ARbT
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC