Logo of NSFOCUS
English Version Chinese Version Japanese Version
Products & Solutions
Services
Support
Reaserch
Careers
About Us
Research Institute
Security Advisory
Security Advisory
 
NSFOCUS Security Advisory (SA2010-01)

ISC BIND9 DLZ Sub-domain Delegation Remote DoS Vulnerability

Release Date: 2010-03-15
CVE ID: CVE-2009-2969

http://www.nsfocus.com/en/advisories/1001.html

Affected system:
==============
 
    ISC BIND 9.5.1-P3
    ISC BIND 9.4.3-P3
 
Unaffected system:
==============
 
    ISC BIND 9.5.2
    ISC BIND 9.6.1-P1
 
Impact:
======

NSFOCUS Security Team discovered a remote DoS vulnerability in ISC BIND9. By
carefully crafting DNS query data, a remote attacker might cause the BIND
process to exit abnormally.

Description:
==========

New version of BIND 9 supports Dynamically Loadable Zones to replace the previous
way of saving zone data into a txt file.

When configuring sub-domain delegation under BIND Dynamically Loadable Zones,
if users perform ANY RR query for that sub-domain, and the request uses DNSSEC,
then it's possible to trigger an explicit abort(). The BIND process will exit,
leading to DoS.

BIND service that does not use DLZ is not affected. The vulnerability can be
triggered by a single packet.

Workaround:
===========

Temporarily do not use DLZ method.

Vendor Status:
============

The vulnerability has been fixed in ISC BIND 9.5.2 and 9.6.1-P1. Please download
the latest version from vendor's homepage:

https://www.isc.org/downloadables/11

Additional Information:
==================

The Common Vulnerabilities and Exposures (CVE) project has assigned the name
CVE-2009-2969 to this issue. This is a candidate for inclusion in the CVE
list (http://cve.mitre.org), which standardizes names for security problems.
Candidates may change significantly before they become official CVE entries.

Credit:
=====

This vulnerability was discovered by Chen Qing of NSFOCUS Security Team.
 
 

DISCLAIMS:
THE INFORMATION PROVIDED IS RELEASED BY NSFOCUS "AS IS" WITHOUT WARRANTY OF ANY KIND. NSFOCUS DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, EXCEPT FOR THE WARRANTIES OF MERCHANTABILITY. IN NO EVENTSHALL NSFOCUS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF USINESS PROFITS OR SPECIAL DAMAGES, EVEN IF NSFOCUS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. DISTRIBUTION OR REPRODUCTION OF THE INFORMATION IS PROVIDED THAT THE ADVISORY IS NOT MODIFIED IN ANY WAY.

© 2010 NSFOCUS.

NSFOCUS Security Team <security@nsfocus.com>
NSFOCUS INFORMATION TECHNOLOGY CO.,LTD
(http://www.nsfocus.com)

PGP Key: http://www.nsfocus.com/homepage/research/pgpkey.asc
Key fingerprint = F8F2 F5D1 EF74 E08C 02FE 1B90 D7BF 7877 C6A6 F6DA

 
  ©2010