BIND 9 DNSSEC validation code could cause fake NXDOMAIN responses

2010-01-19T00:00:00
ID VU:360341
Type cert
Reporter CERT
Modified 2010-01-27T00:00:00

Description

Overview

A vulnerability exists in the BIND 9 DNSSEC validation code that could be used by an attacker to generate fake NXDOMAIN responses.

Description

BIND 9 contains a vulnerability in DNSSEC validation code. According to ISC:

_There was an error in the DNSSEC NSEC/NSEC3 validation code that could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records proven by NSEC or NSEC3 to exist) to be cached as if they had validated correctly, so that future queries to the resolver would return the bogus NXDOMAIN with the AD flag set. _

This issue affects BIND versions 9.0.x, 9.1.x, 9.2.x, 9.3.x, 9.4.0 -> 9.4.3-P4, 9.5.0 -> 9.5.2-P1, 9.6.0 -> 9.6.1-P2


Impact

An attacker may be able to add fake NXDOMAIN records to a resolver's cache.


Solution

Upgrade BIND to version 9.4.3-P5, 9.5.2-P2 or 9.6.1-P3.


Systems Affected

Vendor| Status| Date Notified| Date Updated
---|---|---|---
Fedora Project| | 14 Jan 2010| 27 Jan 2010
Internet Systems Consortium| | 14 Jan 2010| 19 Jan 2010
Red Hat, Inc.| | 14 Jan 2010| 27 Jan 2010
Sun Microsystems, Inc.| | 14 Jan 2010| 27 Jan 2010
The SCO Group| | 14 Jan 2010| 27 Jan 2010
Ubuntu| | 14 Jan 2010| 27 Jan 2010
Alcatel-Lucent| | 14 Jan 2010| 14 Jan 2010
Apple Inc.| | 14 Jan 2010| 14 Jan 2010
BlueCat Networks, Inc.| | 14 Jan 2010| 14 Jan 2010
Check Point Software Technologies| | 14 Jan 2010| 14 Jan 2010
Conectiva Inc.| | 14 Jan 2010| 14 Jan 2010
Cray Inc.| | 14 Jan 2010| 14 Jan 2010
Debian GNU/Linux| | 14 Jan 2010| 14 Jan 2010
DragonFly BSD Project| | 14 Jan 2010| 14 Jan 2010
EMC Corporation| | 14 Jan 2010| 14 Jan 2010
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

  • <https://www.isc.org/advisories/CVE-2010-0097>

Credit

This issue was reported by ISC .

This document was written by David Warren.

Other Information

  • CVE IDs: CVE-2010-0097
  • Date Public: 19 Jan 2010
  • Date First Published: 19 Jan 2010
  • Date Last Updated: 27 Jan 2010
  • Document Revision: 12