Vigil@nce - BIND: access to the cache
October 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker, denied by an ACL, can use the recursion in order to
access to the BIND cache.
Severity: 2/4
Creation date: 29/09/2010
DESCRIPTION OF THE VULNERABILITY
The DNS BIND server can be configured to allow internal clients to
send recursive queries, whose results are then stored in the cache.
The server can also be configured as an authoritative server for a
public zone. In this case, internet clients are blocked by an ACL,
which denies access to the recursive feature.
However, if an internet client sends a recursive query, the
version 9.7.2 of BIND does not honor the ACL, and allows the
access to the cache.
An attacker, denied by an ACL, can therefore use the recursion in
order to access to the BIND cache.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/BIND-access-to-the-cache-9983