|
 |
|
BIND serious remote vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA7494
|
|
|
Release Date:
|
2002-11-12
|
|
Last Update:
|
2003-09-09
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Partial Fix
|
|
| Software: | ISC BIND 4.x.x
ISC BIND 8.x.x
|
| | CVE reference: | CVE-2002-1219 (Secunia mirror)
CVE-2002-1220 (Secunia mirror)
CVE-2002-1221 (Secunia mirror)
|
|
|
|
|
|
Description:
Multiple vulnerabilities have been identified in BIND, which is used in virtually any unix flavour and linux distribution.
All BIND 8 versions up to and including 8.3.3 as well as all BIND 4 versions up to and including 4.9.10 suffer a remotely exploitable buffer overflow. This can be exploited on any DNS server, which allows recursive DNS (default behaviour). When BIND constructs a response, which contains a SIG record, a buffer overflow can be triggered making it possible to execute arbitrary code with the privileges of named.
BIND 8 versions 8.3.0 up to and including 8.3.3 suffer a remotely exploitable Denial of Service, which can be exploited by making a client request a non-existent subdomain of a valid domain name.
BIND 8 versions up to and including 8.3.3 suffer a Denial of Service vulnerability, which can be exploited if an invalid expiry time is supplied.
BIND 4.9.2 through 4.9.10 suffer a buffer overflow in LIBRESOLV. This does not affect BIND as such, but it does affect derived resolver libraries using the functions getnetbyname() and getnetbyaddr().
Solution:
Currently, only RedHat has issued an update but other vendors should follow shortly.
The best temporary solution is to disable recursion on your name servers. This can be done by doing the following:
For BIND 8 change / add to named.conf:
options {
recursion no;
};
For BIND 4 change / add to named.boot
options no-recursion
Also ANY DNS server ought to run in a chroot'ed jail. This will in most cases limit the impact of a compromise.
BIND 9 is NOT vulnerable. BIND 9 may be an easy option for users of BIND 8 and an upgrade from BIND 4 isn't too difficult either. ISC recommends that you deploy BIND version 9.2.1, see more:
http://www.isc.org/products/BIND/bind-security.html
EVEN IF YOU UPGRADE TO BIND 9.2.1, YOU SHOULD STILL DEPLOY A VENDOR UPDATE AS SOME RESOLVER LIBRARIES MAY NOT BE UPDATED.
Secunia will issue advisories regarding each individual system as more detailed information becomes available.
Some patches are now available from ISC.
BIND 8.3.3:
http://www.isc.org/products/BIND/patches/bind833.diff
BIND 8.2.6:
http://www.isc.org/products/BIND/patches/bind826.diff
BIND 4.9.10:
http://www.isc.org/products/BIND/patches/bind4910.diff
Red Hat has issued updated packages:
http://rhn.redhat.com/errata/RHSA-2002-133.html
http://rhn.redhat.com/errata/RHSA-2002-119.html
Provided and/or discovered by:
Internet Security Systems, iss.net
Changelog:
14/11/2002 ISC has issued official patches to BIND 4 and 8
Original Advisory:
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
Other References:
http://www.isc.org/products/BIND/bind-security.html
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
7 Related Secunia Security Advisories
|
|
|
1. ISC BIND Query Port DNS Cache Poisoning
|
|
2. ISC BIND libbind "inet_network()" Off-By-One Vulnerability
|
|
3. BIND 8 Predictable DNS Query IDs Vulnerability
|
|
4. BIND Zone Transfer TSIG Handling Denial of Service
|
|
5. BIND "q_usedns" Array Buffer Overflow Vulnerability
|
|
6. BIND Negative Cache Poisoning Vulnerability
|
|
7. ISC BIND Multiple Vulnerabilities
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
