BIND Flaw Causing Crashes

Friday, November 18, 2011 @ 02:11 PM gHale

There’s a new vulnerability in the BIND name server software causing versions of the application to crash unexpectedly after logging a certain kind of error.

The Internet Software Consortium, which maintains BIND, is investigating the issue and trying to determine the severity of the problem.

Security Survey: Mobile Devices a Problem
Malware Alert: Android up 472%
Busted: Ghost Click Nets Six
Malware Thrives, Remains Undetected

The problem affects all of the currently supported versions of BIND, including BIND 9.7x and 9.8x. It’s unknown right now whether the flaw can run remote code.

“Organizations across the Internet reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: “INSIST(! dns_rdataset_isassociated(sigrdataset))” Multiple versions were feeling the affect, including all currently supported release versions of ISC BIND 9. ISC is actively investigating the root cause and has produced patches which prevent the crash,” the ISC said in an advisory on the BIND flaw.

“An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. ISC is working on determining the ultimate cause by which a record with this particular inconsistency is cached. At this time we are making available a patch which makes named recover gracefully from the inconsistency, preventing the abnormal exit,” the ISC said.

ISC created patches for each of the vulnerable versions, and is still looking into whether there are any active exploits used against the vulnerability right now.

“The patch has two components. When a client query is handled, the code which processes the response to the client has to ask the cache for the records for the name that is being queried. The first component of the patch prevents the cache from returning the inconsistent data. The second component prevents named from crashing if it detects that it has been given an inconsistent answer of this nature,” the ISC said.

Leave a Reply

You must be logged in to post a comment.