[SECURITY-L] BIND Security Advisory

[CSIRT - UNICAMP]

---------- Forwarded message ----------
From: Keith Mitchell <keith em isc.org>
Date: Tue, Jul 28, 2009 at 5:37 PM
Subject: [dns-operations] BIND Security Advisory
To: dns-operations em mail.dns-oarc.net


[Apologies for any duplicate postings, but this is kind of critical]

See also https://www.isc.org/node/474

BIND Dynamic Update DoS

CVE: CVE-2009-0696
CERT: VU#725188
Posting date: 2009-07-28
Program Impacted: BIND
Versions affected:BIND 9 (all versions)
Severity: High
Exploitable: remotely
Summary: BIND denial of service (server crash) caused by receipt
of a specific remote dynamic update message.

Description:

Urgent: this exploit is public. Please upgrade immediately.

Receipt of a specially-crafted dynamic update message may cause BIND 9
servers to exit. This vulnerability affects all servers ? it is not
limited to those that are configured to allow dynamic updates. Access
controls will not provide an effective workaround.

dns_db_findrdataset() fails when the prerequisite section of the dynamic
update message contains a record of type ?ANY? and where at least one
RRset for this FQDN exists on the server.

db.c:659: REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed
exiting (due to assertion failure).

Workarounds:    None.
(Some sites may have firewalls that can be configured with packet
filtering techniques to prevent nsupdate messages from reaching their
nameservers.)

Active exploits:
An active remote exploit is in wide circulation at this time.

Solution:

Upgrade BIND to one of 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1. These versions
can be downloaded from:

   http://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz
   http://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz
   http://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz

Acknowledgement: Matthias Urlichs



----- End forwarded message -----