cache poisoning/denial-of-service in bind8

ID SUSE-SA:2003:047
Type suse
Reporter Suse
Modified 2003-11-28T14:58:12


To resolve IP addresses to host and domain names and vice versa the DNS service needs to be consulted. The most popular DNS software is the BIND8 and BIND9 suite. The BIND8 code is vulnerable to a remote denial-of-service attack by poisoning the cache with authoritative negative responses that should not be accepted otherwise. To execute this attack a name-server needs to be under malicious control and the victim's bind8 has to query this name-server. The attacker can set a high TTL value to keep his negative record as long as possible in the cache of the victim. For this time the clients of the attacked site that rely on the bind8 service will not be able to reach the domain specified in the negative record. These records should disappear after the time-interval (TTL) elapsed.