[SECURITY-L] IMPORTANTE: Bind vulnerable to an assertion failure whtn querying for SIG records
CSIRT - UNICAMP
security em unicamp.br
Qua Set 6 14:42:49 -03 2006
----- Forwarded message from Nelson Murilo <nelson em pangeia.com.br> -----
From: Nelson Murilo <nelson em pangeia.com.br>
Subject: [S] Bind vulnerable to an assertion failure whtn querying for SIG records
To: seguranca em pangeia.com.br
Date: Wed, 6 Sep 2006 12:31:25 -0300
[http://www.isc.org/index.pl?/sw/bind/]
Vulnerability Note VU#915404
BIND vulnerable to an assertion failure when querying for SIG records
Overview
A vulnerability in the BIND name server could allow a remote attacker to
cause a denial of service against an affected system.
I. Description
The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS)
implementation from Internet Systems Consortium (ISC). A flaw exists in the way
that some versions of BIND handle DNS Security Extensions (DNSSEC) signed
Resource Record Sets (RRsets).
The specific impact of this vulnerability is slightly different depending on the
type of DNS server involved. For recursive servers, queries for SIG records will
trigger a assertion failure if more than one SIG(covered) RRset is returned. For
authoritative servers, if a nameserver is serving a RFC 2535 DNSSEC zone and is
queried for the SIG records where there are multiple SIG(covered) RRsets (e.g. a
zone apex) then the name server daemon will trigger a assertion failure when it
tries to construct the response.
This vulnerability affects BIND 9.3.x versions 9.3.0, 9.3.1, 9.3.2, 9.3.3b, and
9.3.3rc1 and BIND 9.4.x versions 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5,
9.4.0a6 and 9.4.0b1.
II. Impact
A remote attacker may be able to cause the name server daemon to crash, thereby
causing a denial of service for DNS operations.
III. Solution
Apply a patch from the vendor
Patches have been released in response to this issue. Please see the Systems
Affected section of this document.
Upgrade
Users who compile their own versions of BIND from the original ISC source code
are encouraged to upgrade to BIND 9.3.2-P1. Patches for this issue are also
included in BIND versions 9.3.3rc2 and 9.4.0b2. Patched versions of the software
are available from the BIND download page.
Restrict Access
Administrators, particularly those who are unable to apply a patch, can limit
exposure to this vulnerability by restricting sources that can ask for recursion.
Systems Affected
Vendor Status Date Updated
Apple Computer, Inc. Unknown 23-Aug-2006
BlueCat Networks, Inc. Unknown 23-Aug-2006
Check Point Software Technologies Unknown 23-Aug-2006
Conectiva Inc. Unknown 23-Aug-2006
Cray Inc. Unknown 23-Aug-2006
Debian GNU/Linux Unknown 23-Aug-2006
EMC, Inc. (formerly Data General Corporation) Unknown 23-Aug-2006
Engarde Secure Linux Unknown 23-Aug-2006
F5 Networks, Inc. Unknown 23-Aug-2006
Fedora Project Unknown 23-Aug-2006
FreeBSD, Inc. Unknown 23-Aug-2006
Fujitsu Unknown 23-Aug-2006
Gentoo Linux Unknown 23-Aug-2006
Gnu ADNS Unknown 23-Aug-2006
GNU glibc Unknown 23-Aug-2006
Hewlett-Packard Company Unknown 23-Aug-2006
Hitachi Not Vulnerable 5-Sep-2006
IBM Corporation Unknown 23-Aug-2006
IBM Corporation (zseries) Unknown 23-Aug-2006
IBM eServer Unknown 23-Aug-2006
Immunix Communications, Inc. Unknown 23-Aug-2006
Infoblox Unknown 23-Aug-2006
Ingrian Networks, Inc. Unknown 23-Aug-2006
Internet Software Consortium Vulnerable 6-Sep-2006
Juniper Networks, Inc. Not Vulnerable 5-Sep-2006
Lucent Technologies Unknown 23-Aug-2006
Mandriva, Inc. Unknown 23-Aug-2006
Men & Mice Unknown 23-Aug-2006
Metasolv Software, Inc. Unknown 23-Aug-2006
Microsoft Corporation Unknown 23-Aug-2006
MontaVista Software, Inc. Unknown 23-Aug-2006
NEC Corporation Unknown 23-Aug-2006
NetBSD Unknown 23-Aug-2006
Nokia Unknown 23-Aug-2006
Nortel Networks, Inc. Unknown 23-Aug-2006
Novell, Inc. Unknown 23-Aug-2006
OpenBSD Unknown 23-Aug-2006
Openwall GNU/*/Linux Unknown 23-Aug-2006
QNX, Software Systems, Inc. Unknown 23-Aug-2006
Red Hat, Inc. Unknown 23-Aug-2006
Shadowsupport Unknown 23-Aug-2006
Silicon Graphics, Inc. Unknown 23-Aug-2006
Slackware Linux Inc. Unknown 23-Aug-2006
Sony Corporation Unknown 23-Aug-2006
Sun Microsystems, Inc. Unknown 23-Aug-2006
SUSE Linux Unknown 23-Aug-2006
The SCO Group Unknown 23-Aug-2006
Trustix Secure Linux Unknown 23-Aug-2006
Turbolinux Unknown 23-Aug-2006
Ubuntu Unknown 23-Aug-2006
Unisys Unknown 23-Aug-2006
Wind River Systems, Inc. Unknown 23-Aug-2006
References
http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en
http://jvn.jp/cert/JVNVU%23915404/index.html
http://secunia.com/advisories/21752/
Credit
Thanks to Joao Damas of the Internet Software Consortium for reporting this vulnerability.
This document was written by Chad R Dougherty.
Other Information
Date Public 09/05/2006
Date First Published 09/05/2006 03:34:20 PM
Date Last Updated 09/06/2006
CERT Advisory
CVE Name CVE-2006-4095
Metric 7.83
Document Revision 10
If you have feedback, comments, or additional information about this vulnerability, please send us email.
----- End forwarded message -----
Mais detalhes sobre a lista de discussão SECURITY-L