CVE-2013-3919: A recursive resolver can be crashed by a query for a malformed zone
- 원격의 사용자가 특수하게 조작된 ‘recursive query’를 할 경우 발생할 수 있는 서비스거부 취약점
A defect exists which allows an attacker to crash a BIND 9 recursive resolver with a RUNTIME_CHECK error in resolver.c
Posting date:
04 Jun 2013
Versions affected:
BIND 9.6-ESV-R9, 9.8.5, and 9.9.3 are affected
Versions 9.6.0 through 9.6-ESV-R8, 9.8.0 through 9.8.4-P2, and 9.9.0 through 9.9.2-P2 ARE NOT affected.
Other major branches of BIND (e.g. 9.7, 9.5, etc) are not vulnerable but they are no longer supported by ISC and may lack other important security fixes.
Description:
A bug has been discovered in the most recent releases of BIND 9 which has the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal "RUNTIME_CHECK" error in resolver.c
Impact:
Triggering this defect will cause the affected server to exit with an error, denying service to recursive DNS clients that use that particular server.
CVSS Score: 7.8
CVSS Equation: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=%28AV:N/AC:L/Au:N/C:N/I:N/A:C%29
Workarounds:
None.
Active exploits:
At the time of this advisory no intentional exploitation of this bug has been observed in the wild. However, the existence of the issue has been disclosed on an open mailing list with enough accompanying detail to reverse engineer an attack and ISC is therefore treating this as a Type II (publicly disclosed) vulnerability, in accordance with our Phased Disclosure Process.
Solution:
New versions of BIND are being provided which contain a fix for the defect. The recommended solution is to upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://ftp.isc.org/isc/bind9
- BIND 9 version 9.9.3-P1
- BIND 9 version 9.8.5-P1
- BIND 9 version 9.6-ESV-R9-P1
Acknowledgements:
Document Revision History:
1.0 Type II Public Disclosure, 04 June, 2013
1.1 Published FAQ and Supplemental Information, 13 June, 2013
Related Documents:
See our BIND Security Matrix for a complete listing of Security Vulnerabilities and versions affected.
This new Knowledge Base article includes additional information and Frequently Asked Questions about this advisory.
If you'd like more information on our product support please visit www.isc.org/support.
Do you still have questions? Questions regarding this advisory should go to [email protected]
Note: ISC patches only currently supported versions. When possible we indicate EOL versions affected.
ISC Security Vulnerability Disclosure Policy: Details of our current security advisory policy and practice can be found here: ISC Software Defect and Security Vulnerability Disclosure Policy
This Knowledge Base article https://kb.isc.org/article/AA-00967 is the complete and official security advisory document.
Legal Disclaimer:
Internet Systems Consortium (ISC) is providing this notice on an "AS IS" basis. No warranty or guarantee of any kind is expressed in this notice and none should be implied. ISC expressly excludes and disclaims any warranties regarding this notice or materials referred to in this notice, including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, absence of hidden defects, or of non-infringement. Your use or reliance on this notice or materials referred to in this notice is at your own risk. ISC may change this notice at any time. A stand-alone copy or paraphrase of the text of this document that omits the document URL is an uncontrolled copy. Uncontrolled copies may lack important information, be out of date, or contain factual errors.
