Vigil@nce - ISC BIND: ACL bypass on Windows
November 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When BIND is installed on Windows, an attacker can perform some
operations that should be protected by an ACL.
Impacted products: BIND
Severity: 2/4
Creation date: 07/11/2013
DESCRIPTION OF THE VULNERABILITY
When BIND is installed on Windows, it uses the Winsock API
provided by the system.
However, when a network interface is configured with a network
mask of 255.255.255.255, Winsock (SIO_GET_INTERFACE_LIST) returns
0.0.0.0. A BIND ACL containing "localnets" then accepts any IP
address. Note that several default ACLs
(allow-query-cache, allow-query-cache-on, allow-recursion, etc.)
use "localnets".
When BIND is installed on Windows, an attacker can therefore
perform some operations that should be protected by an ACL.
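The effect described above, shown as an added example (not BIND code and not part of the original bulletin): a "localnets"-style list is built from interface address/netmask pairs, and an entry whose mask is reported as 0.0.0.0 becomes 0.0.0.0/0, which matches every client. The function names and the sample interfaces are assumptions constructed for illustration, and the returned 0.0.0.0 is read here as the interface's netmask.

```python
import ipaddress

def network_from(addr, mask):
    """Directly attached network for one interface, from its address and netmask."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    prefixlen = bin(m).count("1")  # contiguous netmasks assumed
    return ipaddress.IPv4Network((a & m, prefixlen))

def localnets(interfaces):
    """Illustrative stand-in for a "localnets" ACL: one network per interface."""
    return [network_from(addr, mask) for addr, mask in interfaces]

def acl_allows(nets, client):
    """True if the client address falls inside any network of the ACL."""
    ip = ipaddress.IPv4Address(client)
    return any(ip in net for net in nets)

def overbroad(nets):
    """Entries that match every address; their presence means the ACL is void."""
    return [net for net in nets if net.prefixlen == 0]

# Constructed sample data using documentation address ranges.
# CONFIGURED: what the administrator set on the interfaces.
# REPORTED: the same interfaces, with the /32 mask reported as 0.0.0.0.
CONFIGURED = [("192.0.2.10", "255.255.255.0"), ("198.51.100.7", "255.255.255.255")]
REPORTED = [("192.0.2.10", "255.255.255.0"), ("198.51.100.7", "0.0.0.0")]
OUTSIDE_CLIENT = "203.0.113.50"  # not on any attached network

if __name__ == "__main__":
    for label, ifaces in (("configured", CONFIGURED), ("reported", REPORTED)):
        nets = localnets(ifaces)
        print(label, [str(n) for n in nets])
        print("  allows", OUTSIDE_CLIENT, "->", acl_allows(nets, OUTSIDE_CLIENT))
        print("  overbroad entries:", [str(n) for n in overbroad(nets)])
```

Running the same overbroad check against the networks a server actually derives for its interfaces shows whether an ACL relying on "localnets" still restricts anything.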
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/ISC-BIND-ACL-bypass-on-Windows-13717