ISC BIND 9 resolver denial of service vulnerability

Overview

ISC BIND 9 resolver contains a remote packet denial of service vulnerability after logging an error in query.c.

Description

According to ISC:

_An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. ISC is working on determining the ultimate cause by which a record with this particular inconsistency is cached.At this time we are making available a patch which makes named recover gracefully from the inconsistency, preventing the abnormal exit.

The patch has two components. When a client query is handled, the code which processes the response to the client has to ask the cache for the records for the name that is being queried. The first component of the patch prevents the cache from returning the inconsistent data. The second component prevents named from crashing if it detects that it has been given an inconsistent answer of this nature._

---

Impact

A remote, unauthenticated attacker can cause the BIND 9 resolver to crash creating a denial of service condition.

---

Solution

Apply an update

Users who obtain BIND from a third-party vendor, such as their operating system vendor, should see the vendor information portion of this document for a partial list of affected vendors.

This vulnerability is addressed in ISC BIND versions 9.4-ESV-R5-P1, 9.6-ESV-R5-P1, 9.7.4-P1 and 9.8.1-P1. Users of BIND from the original source distribution should upgrade to this version.

See also <http://www.isc.org/software/bind/advisories/cve-2011-4313&gt;

---

Vendor Information

606539

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Debian GNU/Linux Affected

Updated: January 06, 2012

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• <http://www.debian.org/security/2011/dsa-2347&gt;

Fedora Project Affected

Updated: January 06, 2012

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• <http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069970.html&gt;
• <http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069975.html&gt;
• <http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069463.html&gt;

Hewlett-Packard Company Affected

Updated: January 06, 2012

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• [http://marc.info/?l=bugtraq&amp;m=132310123002302&amp;w=2 ](<http://marc.info/?l=bugtraq&m=132310123002302&w=2
  >)
• http://marc.info/?l=bugtraq&m=132310123002302&w=2

Internet Systems Consortium Affected

Updated: November 16, 2011

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• <https://www.isc.org/software/bind/981-p1&gt;
• <https://www.isc.org/software/bind/974-p1&gt;
• <https://www.isc.org/software/bind/96-esv-r5-p1&gt;
• <https://www.isc.org/software/bind/94-esv-r5-p1&gt;

Mandriva S. A. Affected

Updated: January 06, 2012

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• <http://www.mandriva.com/security/advisories?name=MDVSA-2011:176&gt;

Oracle Corporation Affected

Updated: November 28, 2011

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• <http://blogs.oracle.com/sunsecurity/entry/cve_2011_4313_denial_of&gt;

Red Hat, Inc. Affected

Updated: January 06, 2012

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• <http://www.redhat.com/support/errata/RHSA-2011-1458.html&gt;
• <http://www.redhat.com/support/errata/RHSA-2011-1459.html&gt;
• <http://www.redhat.com/support/errata/RHSA-2011-1496.html&gt;

SUSE Linux Affected

Updated: January 06, 2012

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• <http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00027.html&gt;
• <http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00028.html&gt;
• <http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00029.html&gt;

Ubuntu Affected

Updated: January 06, 2012

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• <http://www.ubuntu.com/usn/USN-1264-1&gt;

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://www.isc.org/software/bind/advisories/cve-2011-4313&gt;
• <https://www.isc.org/software/bind/981-p1&gt;
• <https://www.isc.org/software/bind/974-p1&gt;
• <https://www.isc.org/software/bind/96-esv-r5-p1&gt;
• <https://www.isc.org/software/bind/94-esv-r5-p1&gt;

Acknowledgements

Thanks to Internet Systems Consortium for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs:	CVE-2011-4313
Severity Metric:	21.92 Date Public: