BIND Validator Self Checking Remote Denial Of Service Vulnerability
BID:12365
Info
| Bugtraq ID: | 12365 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2005-0034 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 26 2005 12:00AM |
| Updated: | Jul 12 2009 10:06AM |
| Credit: | Joao Damas of the Internet Systems Consortium is credited with the disclosure of this issue. |
| Vulnerable: | Trustix Secure Linux 2.2; Trustix Secure Linux 2.1; Trustix Secure Linux 1.5; Trustix Secure Enterprise Linux 2.0; Mandriva Linux Mandrake 10.1 x86_64; Mandriva Linux Mandrake 10.1; ISC BIND 9.3; FreeBSD FreeBSD 5.3 -STABLE; FreeBSD FreeBSD 5.3 -RELENG; FreeBSD FreeBSD 5.3 -RELEASE; FreeBSD FreeBSD 5.3; FreeBSD FreeBSD 5.0 -RELENG |
| Not Vulnerable: | ISC BIND 9.3.1 |
Discussion
A remote denial of service vulnerability affects BIND. This issue is due to a failure of the application to handle exceptional network data.
Exploitation requires DNSSEC validation to be enabled, which is not the case by default.
A remote attacker may leverage this issue to cause the affected server to crash, denying service to legitimate users.
Exploit / POC
Currently we are not aware of any exploits for this issue.
Solution / Fix
Solution:
The vendor has released an upgrade dealing with this issue.
Mandrake Linux has released an advisory (MDKSA-2005:023) and fixes to address this vulnerability. Customers are advised to read the referenced advisory for further information on obtaining and applying the appropriate updates.
Trustix has released advisory TSLSA-2005-0003 to address various issues in multiple products. Please see the referenced advisory for more information.
FreeBSD has released advisory FreeBSD-SA-05:12.bind9, along with a patch to address this issue. Please see the referenced advisory for further information.
FreeBSD FreeBSD 5.3 -RELEASE
- FreeBSD bind9.patch: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:12/bind9.patch
FreeBSD FreeBSD 5.3 -RELENG
- FreeBSD bind9.patch: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:12/bind9.patch
FreeBSD FreeBSD 5.3
- FreeBSD bind9.patch: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:12/bind9.patch
FreeBSD FreeBSD 5.3 -STABLE
- FreeBSD bind9.patch: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:12/bind9.patch
ISC BIND 9.3
- ISC BIND 9.3.1: http://www.isc.org/index.pl
- Mandrake bind-9.3.0-3.1.101mdk.i586.rpm (Mandrake Linux 10.1): http://www.mandrakesecure.net/en/ftp.php
- Mandrake bind-9.3.0-3.1.101mdk.x86_64.rpm (Mandrake Linux 10.1/x86_64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake bind-devel-9.3.0-3.1.101mdk.i586.rpm (Mandrake Linux 10.1): http://www.mandrakesecure.net/en/ftp.php
- Mandrake bind-devel-9.3.0-3.1.101mdk.x86_64.rpm (Mandrake Linux 10.1/x86_64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake bind-utils-9.3.0-3.1.101mdk.i586.rpm (Mandrake Linux 10.1): http://www.mandrakesecure.net/en/ftp.php
- Mandrake bind-utils-9.3.0-3.1.101mdk.x86_64.rpm (Mandrake Linux 10.1/x86_64): http://www.mandrakesecure.net/en/ftp.php
- Trustix bind-devel-9.3.0-6tr.i586.rpm (Trustix Secure Linux 2.2): ftp://ftp.trustix.org/pub/trustix/updates/
- Trustix bind-libs-9.3.0-6tr.i586.rpm (Trustix Secure Linux 2.2): ftp://ftp.trustix.org/pub/trustix/updates/
- Trustix bind-light-9.3.0-6tr.i586.rpm (Trustix Secure Linux 2.2): ftp://ftp.trustix.org/pub/trustix/updates/
- Trustix bind-light-devel-9.3.0-6tr.i586.rpm (Trustix Secure Linux 2.2): ftp://ftp.trustix.org/pub/trustix/updates/
- Trustix bind-utils-9.3.0-6tr.i586.rpm (Trustix Secure Linux 2.2): ftp://ftp.trustix.org/pub/trustix/updates/