N-013: ISC Remote Vulnerabilities in BIND4 and BIND8

N-013: ISC Remote Vulnerabilities in BIND4 and BIND8 Privacy and Legal Notice INFORMATION BULLETIN N-013: ISC Remote Vulnerabilities in BIND4 and BIND8 [Internet Software Consortium Advisory] November 12, 2002 22:00 GMT


PROBLEM:	ISC has discovered several vulnerabilities of varying levels of severity in BIND that may lead to remote compromises and DoS attacks against vulnerable DNS servers. The problem lies with buffer overflows causing BIND to cache DNS information or cause BIND 8 servers to abruptly terminate causing DOS attacks on DNS protocols.
AFFECTED SOFTWARE:	BIND 4.9.5 to 4.9.10 BIND 8.1, 8.2 to 8.2.6, 8.3.0 to 8.3.3
DAMAGE:	There is a flaw in the formation of DNS responses containing SIG resource records (RR) that can lead to buffer overflow, remote execution of arbitrary code, and DoS attacks.
SOLUTION:	ISC recommends upgrading to BIND version 9.2.1, or monitor your vendor's web sites for new information releases.

VULNERABILITY ASSESSMENT:	The risk is HIGH. CIAC has learned exploits are actively being developed for these vulnerabilities. DNS is a vital Internet protocol, and BIND is used on the vast majority of DNS servers on the Internet.

LINKS:
CIAC BULLETIN:	http://www.ciac.org/ciac/bulletins/n-013.shtml
ORIGINAL BULLETIN:	http://www.isc.org/products/BIND/bind-security.html
ADDITIONAL INFO:	CERT: http://www.cert.org/advisories/CA-2002-31.html ISS: http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469

[***** Start Internet Software Consortium Advisory *****]

BIND Vulnerabilities

ISC has discovered or has been notified of several bugs which can result in 
vulnerabilities of varying levels of severity in BIND as distributed by ISC. 
Upgrading to BIND version 9.2.1 is strongly recommended. 

Name: "BIND: Remote Execution of Code"

Versions affected:
BIND 4.9.5 to 4.9.10
BIND 8.1, 8.2 to 8.2.6, 8.3.0 to 8.3.3 

Severity:
SERIOUS

Exploitable:
Remotely

Type:
Possibility to execute arbitrary code. 


Description:

When constructing a response containing SIG records a incorrect space allows a 
write buffer overflow. It is then possible to execute code with the privleges 
of named. 

Workarounds:
Disable recursion if possible. 

Fix:
Vendors should speak to ISC about patches. New BIND 4 & 8 releases are coming 
soon. 

Active Exploits:
None known 

ISC would like to thank Internet Security Systems for bringing this to our 
attention.

[***** End Internet Software Consortium Advisory *****]

CIAC wishes to acknowledge the contributions of Internet Software Consortium and Internet Security Systems for the information contained in this bulletin.

CIAC services are available to DOE, DOE Contractors, and the NIH. CIAC can be contacted at:

    Voice:          +1 925-422-8193 (7 x 24)
    FAX:            +1 925-423-8002
    STU-III:        +1 925-423-2604
    E-mail:          ciac@ciac.org
    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes.

UCRL-MI-119788
[Privacy and Legal Notice]