CERTVU:198355ISC BIND 8.2.2-P6 vulnerable to DoS when processing SRV records, aka the "srv bug"
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.013 Low
EPSS
Percentile
85.9%
Overview
There is a denial-of-service vulnerability in several versions of the Internet Software Consortium’s (ISC) BIND software. This vulnerability is referred to by the ISC as the “srv bug” and affects ISC BIND versions 8.2 through 8.2.2-P6.
Description
This vulnerability can cause affected DNS servers running named to go into an infinite loop, thus preventing further name requests to be handled. This can happen if an SRV record (defined in RFC2782) is sent to the vulnerable server.
Microsoft’s Windows 2000 Active Directory service makes extensive use of SRV records and is reportedly capable of triggering this bug in the course of normal operations. This is not, however, a vulnerability in Microsoft Active Directory. Any network client capable of sending SRV records to vulnerable name server systems can exercise this vulnerability.
Impact
A remote attacker can use malicious SRV records to crash vulnerable BIND servers, resulting in a denial-of-service condition that disables name resolution service.
Solution
Apply a patch from your vendor
To address this vulnerability, the CERT/CC recommends that all users of ISC BIND upgrade to version 8.2.2-P7, which patches both VU#198355 and VU#715973. For information regarding vendor-specific versions of DNS software, please consult the Systems Affected section of this document.
Vendor Information
198355
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Compaq Computer Corporation __ Affected
Notified: November 12, 2000 Updated: May 16, 2001
Status
Affected
Vendor Statement
......................................................................
COMPAQ COMPUTER CORPORATION
......................................................................
CERT-2000-20 - BIND 8 The "zxfr bug"
X-REF: SSRT1-38U, CERT-2000-20
......................................................................
Compaq Tru64 UNIX V5.1 -
patch: SSRT1-66U_v5.1.tar.Z
Compaq Tru64 UNIX V5.0 & V5.0a -
V5.0 patch: SSRT1-68U_v5.0.tar.Z
V5.0a patch: SSRT1-68U_v5.0a.tar.Z
Compaq Tru64 UNIX V4.0D/F/G - Not Vulnerable
TCP/IP Services for Compaq OpenVMS - Not Vulnerable
......................................................................
CERT02000-20 - BIND 8 The "srv bug"
X-REF: SSRT1-38U, CERT CA2000-20
......................................................................
Compaq Tru64 UNIX V5.1 -
patch: SSRT1-66U_v5.1.tar.Z
Compaq Tru64 UNIX V5.0 & V5.0a -
V5.0 patch: SSRT1-68U_v5.0.tar.Z
V5.0a patch: SSRT1-68U_v5.0a.tar.Z
Compaq Tru64 UNIX V4.0D/F/G - Not Vulnerable
TCP/IP Services for Compaq OpenVMS - Not Vulnerable
Compaq will provide notice of the completion/availability
of the patches through AES services (DIA, DSNlink FLASH),
the ** Security mailing list, and be available from your
normal Compaq Support channel.
**You may subscribe to the Security mailing list at:
_http://www.support.compaq.com/patches/mailing-list.shtml_
Software Security Response Team
COMPAQ COMPUTER CORPORATION
......................................................................
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Compaq Tru64 Unix was reported not vulnerable when CA-2000-20 was initially launched.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23198355 Feedback>).
Debian __ Affected
Updated: May 16, 2001
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Debian has released vendor-specific information regarding this vulnerability at:
<http://www.debian.org/security/2000/20001112>
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23198355 Feedback>).
Hewlett Packard __ Affected
Notified: November 12, 2000 Updated: January 25, 2002
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
HP has released a Security Bulletin to address this issue; for further information, please visit <http://itrc.hp.com> and search for “HPSBUX0102-144”. Please note that registration may be required to access this document.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23198355 Feedback>).
IBM __ Affected
Notified: November 12, 2000 Updated: May 11, 2001
Status
Affected
Vendor Statement
IBM has reported to the CERT/CC that AIX is vulnerable to the bugs described in this document. IBM initially released an e-patch in APAR IY14512.
IBM has posted an e-fix for the BIND denial-of-service vulnerabilities to ftp.software.ibm.com/aix/efixes/security. See the README file in this ftp directory for additional information.
Also, IBM has posted an e-fix to this same site that contains libc.a library that incorporates a fix to the BIND vulnerabilities and the recent locale subsystem format string vulnerability discovered by Ivan Arce of CORE, and discussed on Bugtraq. The e-fix for BIND must be downloaded and installed before implementing this e-fix. See the same README file for details.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23198355 Feedback>).
ISC Affected
Updated: May 11, 2001
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23198355 Feedback>).
SuSE __ Affected
Notified: November 16, 2000 Updated: May 11, 2001
Status
Affected
Vendor Statement
SuSE Linux has published a Security Announcement (below) regarding this vulnerability. For the latest version of this advisory, please visit:
http://www.suse.com/de/support/security/2000_045_bind8_txt.txt
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
SuSE Security Announcement: bind8 (SuSE-SA:2000:45) -----BEGIN PGP SIGNED MESSAGE-----
Trustix Affected
Notified: November 16, 2000 Updated: May 11, 2001
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23198355 Feedback>).
FreeBSD __ Not Affected
Notified: November 12, 2000 Updated: May 11, 2001
Status
Not Affected
Vendor Statement
All versions of FreeBSD after 4.0-RELEASE (namely 4.1-RELEASE, 4.1.1-RELEASE and the forthcoming 4.2-RELEASE) are not vulnerable to this bug since they include versions of BIND 8.2.3. FreeBSD 4.0-RELEASE and earlier are vulnerable to the reported problems since they include an older version of BIND, and an update to a non-vulnerable version is scheduled to be committed to FreeBSD 3.5.1-STABLE in the next few days.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23198355 Feedback>).
Fujitsu __ Not Affected
Notified: November 12, 2000 Updated: May 11, 2001
Status
Not Affected
Vendor Statement
Fujitsu’s UXP/V is not vulnerable to these bugs because we support a different version of BIND.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23198355 Feedback>).
Caldera Unknown
Notified: November 12, 2000 Updated: May 16, 2001
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23198355 Feedback>).
Conectiva Unknown
Updated: May 11, 2001
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23198355 Feedback>).
Immunix Unknown
Updated: May 11, 2001
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23198355 Feedback>).
MandrakeSoft Unknown
Updated: May 11, 2001
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23198355 Feedback>).
Microsoft Unknown
Updated: May 11, 2001
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23198355 Feedback>).
NetBSD Unknown
Updated: May 11, 2001
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23198355 Feedback>).
RedHat Unknown
Updated: May 11, 2001
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23198355 Feedback>).
Slackware Unknown
Updated: May 11, 2001
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23198355 Feedback>).
View all 17 vendors __View less vendors __
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://www.isc.org/products/BIND/bind8.html>
- <http://www.isc.org/products/BIND/bind-security.html>
Acknowledgements
The CERT Coordination Center thanks Mark Andrews, David Conrad, and Paul Vixie of the ISC for developing a solution and assisting in the preparation of this document.
This document was written by Jeffrey S. Havrilla and Jeffrey P. Lanza.
Other Information
| CVE IDs: | CVE-2000-0888 |
|---|---|
| CERT Advisory: | CA-2000-20 Severity Metric: |
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.013 Low
EPSS
Percentile
85.9%