BIND Name Servers get Patched

Monday, July 29, 2013 @ 04:07 PM gHale


Internet Systems Consortium (ISC) fixed the denial-of-service (DoS) vulnerability in certain versions of BIND name servers, and network managers should upgrade quickly to a secure version of the DNS software.

Attackers sending specially crafted queries with malformed data to a vulnerable BIND server could cause the system to crash.

RELATED STORIES
BIND 9 DoS Hole Patched
LinkedIn Token Flaw Thwarted
LinkedIn Outage Caused by DDoS
Self-Propagating Trojan Lives On

“Authoritative and recursive servers are equally vulnerable,” said an alert from the ISC, which runs BIND. “Intentional exploitation of this condition can cause a denial of service in all nameservers running affected versions of BIND 9. Access Control Lists do not provide any protection from malicious clients.”

Open source versions 9.7.0 to 9.7.7, 9.8.0 to 9.8.5, 9.9.0 to 9.9.3-P1, and 9.8.6b1 to 9.9.4b1 are vulnerable, as are subscription versions 9.9.3-S1 and 9.9.4-S1b1.

The ISC also warns all versions of BIND 9.7 are vulnerable but these versions are no longer supported and do not receive security patches from ISC.

“In addition to the named server, applications built using libraries from the affected source distributions may crash with assertion failures triggered in the same fashion,” ISC warns.

ISC said users should upgrade to a patch release most closely related to the current BIND version running in that specific environment.

According to a post on the Full Disclosure mailing list, the malformed rdata will cause a named daemon to crash while rejecting the malformed query.

Just over a month ago, ISC patched a remotely exploitable denial of service flaw in BIND 9. An attacker exploiting the bug could crash recursive resolvers with a RUNTIME_CHECK error in resolver.c, the advisory said. That bug affected BIND 9.6-ESV-R9, 9.8.5, and 9.9.3 but did not affect versions 9.6.0 through 9.6-ESV-R8, 9.8.0 through 9.8.4-P2, and 9.9.0 through 9.9.2-P2.

These flaws come on the heels of a major vulnerability discovered and patched in late March that implicated millions of DNS servers running on UNIX systems. Exploits could not only crash DNS servers, but also compromise other applications running on a BIND server.

“A flaw in a library used by BIND 9.7, 9.8, and 9.9, when compiled on Unix and related operating systems, allows an attacker to deliberately cause excessive memory consumption by the named process, potentially resulting in exhaustion of memory resources on the affected server. This condition can crash BIND 9 and will likely severely affect operation of other programs running on the same machine,” the ISC security advisory said.



Leave a Reply

You must be logged in to post a comment.