exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

CA-2000-20.bind

CA-2000-20.bind
Posted Nov 14, 2000
Site cert.org

CERT Advisory CA-2000-20 - Name servers running ISC bind v8.2 through 8.2.2-P6 contains two denial of service vulnerabilities. The first vulnerability is referred to by the ISC as the "zxfr bug" and affects ISC BIND version 8.2.2, patch levels 1 through 6. The second vulnerability, the "srv bug", affects ISC BIND versions 8.2 through 8.2.2-P6. More information about these vulnerabilities available here.

tags | denial of service, vulnerability
SHA-256 | cd95a6b1bc9eb41421ec292ed176c6f56b4fb75e5f0998df20e42d7175b1cfbf

CA-2000-20.bind

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----

CERT Advisory CA-2000-20 Mulitple Denial-of-Service Problems in ISC BIND

Original release date: November 13, 2000
Source: CERT/CC

A complete revision history is at the end of this file.

Systems Affected

* Systems running Internet Software Consortium (ISC) BIND version
8.2 through 8.2.2-P6
* Systems running name servers derived from BIND version 8.2 through
8.2.2-P6

Overview

The CERT Coordination Center has recently learned of two serious
denial-of-service vulnerabilities in the Internet Software
Consortium's (ISC) BIND software.

The first vulnerability is referred to by the ISC as the "zxfr bug"
and affects ISC BIND version 8.2.2, patch levels 1 through 6. The
second vulnerability, the "srv bug", affects ISC BIND versions 8.2
through 8.2.2-P6. Derivatives of the above code sets should also be
presumed vulnerable unless proven otherwise.

I. Description

The Internet Software Consortium, the maintainer of BIND, the software
used to provide domain name resolution services, has recently posted
information about several denial-of-service vulnerabilities. If
exploited, any of these vulnerabilities could allow remote intruders
to cause site DNS services to be stopped.

For more information about these vulnerabilities and others, please
see

https://www.isc.org/products/BIND/bind-security.html

Two vulnerabilities in particular have been categorized by both the
ISC and the CERT/CC as being serious.

The "zxfr bug"

Using this vulnerability, attackers on sites which are permitted to
request zone transfers can force the named daemon running on
vulnerable DNS servers to crash, disrupting name resolution service
until the named daemon is restarted. The only preconditions for this
attack to succeed is that a compressed zone transfer (ZXFR) request be
made from a site allowed to make any zone transfer request (not just
ZXFR), and that a subsequent name service query of an authoritative
and non-cached record be made. The time between the attack and the
crash of named may vary from system to system.

This vulnerability has been discussed in public forums. The ISC has
confirmed that all platforms running version 8.2.2 of the BIND
software prior to patch level 7 are vulnerable to this attack.

The "srv bug"

This vulnerability can cause affected DNS servers running named to go
into an infinite loop, thus preventing further name requests to be
handled. This can happen if an SRV record (defined in RFC2782) is sent
to the vulnerable server.

Microsoft's Windows 2000 Active Directory service makes extensive use
of SRV records and is reportedly capable of triggering this bug in the
course of normal operations. This is not, however, a vulnerability in
Microsoft Active Directory. Any network client capable of sending SRV
records to vulnerable name server systems can exercise this
vulnerability.

The CERT/CC has not received any direct reports of either of these
vulnerabilities being exploited to date.

Both vulnerabilities can be used by malicious users to break the DNS
services being offered at all exposed sites on the Internet. System
administrators are strongly recommended to upgrade their DNS software
with either ISC's current distribution or their vendor-supplied
software. See the Solution and Vendor Information sections of this
document for more details.

II. Impact

Domain name resolution services (DNS) can be disabled on affected
servers from arbitrary remote hosts.

III. Solution

Apply a patch from your vendor

The CERT/CC recommends that all users of ISC BIND upgrade to the
recently-released BIND 8.2.2-P7, which patches both of the
vulnerabilities discussed in this document. Sites running
vendor-specific distributions of domain name resolution software
should check the Vendor Information section below for more specific
information on how to upgrade to non-vulnerable software.

Restrict zone transfers to trusted hosts

If it is not possible to immediately upgrade systems affected by the
"zxfr bug", the ISC suggests not allowing zone transfers from
untrusted hosts. This action, however, will not mitigate against the
effects of an attack using the "srv bug".

Although it has been reported that not allowing recursive queries may
help mitigate against the "zxfr" vulnerability, ISC has indicated that
this is not the case.

Appendix A. Vendor Information

The Internet Software Consortium

For the latest information regarding these vulnerabilities, please
consult the ISC web site at:

https://www.isc.org/products/BIND/bind-security.html

Caldera

Our advisory will be available [at]:

https://www.calderasystems.com/support/security/advisories/CSSA-2000-040.0.txt

Updated packages will be available from
OpenLinux Desktop 2.3
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current
9d8429f25c5fb3bebe2d66b1f9321e61 RPMS/bind-8.2.2p7-1.i386.rpm
0e958eb01f40826f000d779dbe6b8cb3 RPMS/bind-doc-8.2.2p7-1.i386.rpm
866ff74c77e9c04a6abcddcc11dbe17b RPMS/bind-utils-8.2.2p7-1.i386.rpm
6a545924805effbef01de74e34ba005e SRPMS/bind-8.2.2p7-1.src.rpm
OpenLinux eServer 2.3
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current
379c4328604b4491a8f3d0de44e42347 RPMS/bind-8.2.2p7-1.i386.rpm
b428b824c8b67f2d8d4bf53738a3e7e0 RPMS/bind-doc-8.2.2p7-1.i386.rpm
28311d630281976a870d38abe91f07fb RPMS/bind-utils-8.2.2p7-1.i386.rpm
6a545924805effbef01de74e34ba005e SRPMS/bind-8.2.2p7-1.src.rpm
OpenLinux eDesktop 2.4
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current
c37b6673cc9539e592013ac114846940 RPMS/bind-8.2.2p7-1.i386.rpm
bbe0d7e317fde0d47cba1384f6d4b635 RPMS/bind-doc-8.2.2p7-1.i386.rpm
5c28dd5641a4550c03e9859d945a806e RPMS/bind-utils-8.2.2p7-1.i386.rpm
6a545924805effbef01de74e34ba005e SRPMS/bind-8.2.2p7-1.src.rpm

Compaq Computer Corporation

SOURCE: Compaq Computer Corporation
Compaq Services
Software Security Response Team USA

Compaq Tru64/UNIX Operating Systems Software are not vulnerable to
these reported problems.

Conectiva

Please see Conectiva Linux Security Announcement CLSA-2000:339 at:

https://listserv.securityportal.com/SCRIPTS/WA-SECURITYPORTAL.EXE?A1=ind0011&L=linux-security#27

Note: Conectiva Linux Security Announcement CLSA-2000:338, also
regarding this issue, had a packaging error in it. Users who
downloaded updates based on CLSA-2000:338 should see CLSA-2000:339 for
further information.

Debian

Please see Debian Security notice 20001112, bind at:

https://www.debian.org/security/2000/20001112

FreeBSD

All versions of FreeBSD after 4.0-RELEASE (namely 4.1-RELEASE,
4.1.1-RELEASE and the forthcoming 4.2-RELEASE) are not vulnerable to
this bug since they include versions of BIND 8.2.3. FreeBSD
4.0-RELEASE and earlier are vulnerable to the reported problems since
they include an older version of BIND, and an update to a
non-vulnerable version is scheduled to be committed to FreeBSD
3.5.1-STABLE in the next few days.

Hewlett-Packard

HP is vulnerable to these problems and is working to correct them.

MandrakeSoft

Please see "MDKSA-2000:067: bind" at:

https://www.linux-mandrake.com/en/security/MDKSA-2000-067.php3

Microsoft Corporation

Microsoft is currently investigating these issues.

NetBSD

NetBSD is believed to be vulnerable to these problems; in response,
NetBSD-current has been upgraded to 8.2.2-P7 and 8.2.2-P7 will be
present in the forthcoming NetBSD 1.5 release.

RedHat

Please see "RHSA-2000:107-01: Updated bind packages fixing DoS
attack", soon to be available at:

https://www.redhat.com/support/errata/

Slackware

Updated Slackware distributions for bind may be found at:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/n1/bind.tgz

______________________________________________________________________

The CERT Coordination Center thanks Mark Andrews, David Conrad, and
Paul Vixie of the ISC for developing a solution and assisting in the
preparation of this advisory. We would also recognize the contribution
of Olaf Kirch in helping us understand the exact nature of the "zxfr
bug" vulnerability.
______________________________________________________________________

Author: This document was written by Jeffrey S. Havrilla and Jeffrey
P. Lanza. Feedback on this advisory is appreciated.
______________________________________________________________________

This document is available from:
https://www.cert.org/advisories/CA-2000-20.html
______________________________________________________________________

CERT/CC Contact Information

Email: cert@cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.

CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4)
Monday through Friday; they are on call for emergencies during other
hours, on U.S. holidays, and on weekends.

Using encryption

We strongly urge you to encrypt sensitive information sent by email.
Our public PGP key is available from

https://www.cert.org/CERT_PGP.key

If you prefer to use DES, please call the CERT hotline for more
information.

Getting security information

CERT publications and other security information are available from
our web site

https://www.cert.org/

To subscribe to the CERT mailing list for advisories and bulletins,
send email to majordomo@cert.org. Please include in the body of your
message

subscribe cert-advisory

* "CERT" and "CERT Coordination Center" are registered in the U.S.
Patent and Trademark Office.
______________________________________________________________________

NO WARRANTY
Any material furnished by Carnegie Mellon University and the Software
Engineering Institute is furnished on an "as is" basis. Carnegie
Mellon University makes no warranties of any kind, either expressed or
implied as to any matter including, but not limited to, warranty of
fitness for a particular purpose or merchantability, exclusivity or
results obtained from use of the material. Carnegie Mellon University
does not make any warranty of any kind with respect to freedom from
patent, trademark, or copyright infringement.
_________________________________________________________________

Conditions for use, disclaimers, and sponsorship information

Copyright 2000 Carnegie Mellon University.

Revision History
November 13, 2000: Initial release


-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQCVAwUBOhBkogYcfu8gsZJZAQHhKQP+Pd9/Qay+mubBlOQxVXPtfm5JmKj8dYfJ
DnxcIT9qXQFUrq1nVs48fLYhwNtA/fisjZKY6KMkYaw+r+nJVYMz1veP+//sVo7P
GDBMPUyrWmAGXVfUfIS3zjfWybqCm5+u4a4jDCWTy+n0oSyZ3ExBRPIZbPn1rUL5
RcqWcCJU5uY=
=jikH
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close