Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Subscribe

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Security Vulnerability

Vigil@nce: BIND 9, denial of service via recursion

December 2011 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can use a malicious query on a recursive BIND DNS
server, with an invalid value in its cache, in order to stop it.

 Severity: 2/4
 Creation date: 16/11/2011
 Revision date: 17/11/2011

IMPACTED PRODUCTS

 Debian Linux
 Fedora
 IBM AIX
 ISC BIND
 Mandriva Enterprise Server
 Mandriva Linux
 Novell Linux Desktop
 OpenSolaris
 OpenSUSE
 Oracle Solaris
 Oracle Trusted Solaris
 Red Hat Enterprise Linux
 SUSE Linux Enterprise Server

DESCRIPTION OF THE VULNERABILITY

The BIND DNS server can be configured in recursive mode, in order
to resolve external addresses requested by internal clients.
Replies of external DNS servers are kept in a cache, and this
cache is later searched to answer future queries.

The DNSSEC protocol is used to authenticate data of DNS zones. The
NSEC and NSEC3 records are used to indicate that a name does not
exist (NXDOMAIN, Non-Existent Domain, NX). These records thus have
no data (rdata) associated.

An attacker can, using an unknown method, force the cache of a
recursive DNS server to contain a NX record with rdata. Then when
the client requests this record, the query_addadditional2()
function of the query.c file calls the macro
INSIST(!dns_rdataset_isassociated(sigrdataset)), because a rdata
is associated to a NC record. The INSIST macro stops the daemon.

In order to exploit this vulnerability, the attacker can be on the
internal network, and can request an invalid resolution. He can
also create an HTML document containing images located on a server
with a malicious name, and can then invite the victim to display
this HTML page. He can also send an email from an malicious server
name, which will be resolved by the messaging server.

An attacker can therefore use a malicious query on a recursive
BIND DNS server, with an invalid value in its cache, in order to
stop it.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/BIND-9-denial-of-service-via-recursion-11162


See previous articles

    

See next articles


Security Vulnerability

All our news in english

Alle unsere News auf deutsch

Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts

 
News Files Cyber Security Security Vulnerability Malware Update Diary Guide & Podcast TRAINING Jobs CONTACTS Contact About Mentions légales identifier ADMIN

Global Security Mag Copyright 2011