ISC BIND Query_AddSOA Denial Of Service Vulnerability
BID:23738
| Bugtraq ID: | 23738 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2007-2241 |
| Remote: | Yes |
| Local: | No |
| Published: | May 01 2007 12:00AM |
| Updated: | Mar 13 2008 02:21AM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: | Redhat Fedora 7; OpenPKG OpenPKG Stable; OpenPKG OpenPKG E1.0-Solid; OpenPKG OpenPKG Current; Mandriva Linux Mandrake 2007.1 x86_64; Mandriva Linux Mandrake 2007.1; ISC BIND 9.5 a2; ISC BIND 9.5 a1; ISC BIND 9.4; ISC BIND 9.5.0a3 |
| Not Vulnerable: | ISC BIND 9.4.1; ISC BIND 9.5.0a4 |
Discussion
ISC BIND is prone to a denial-of-service vulnerability because it fails to handle certain sequences of malicious queries.
NOTE: Only applications configured with the 'recursion' directive/attribute enabled are vulnerable to this issue.
An attacker can exploit this issue to cause the application to exit, denying service to legitimate users.
ISC BIND 9.4.0, 9.5.0a1, 9.5.0a2, and 9.5.0a3 are vulnerable.
Exploit / POC
To exploit this issue, an attacker must be able to execute queries on a vulnerable BIND server.
Solution / Fix
Solution:
The vendor has released fixes to address this issue. Please see the references for more information.
ISC BIND 9.4
- ISC bind-9.4.1.tar.gz
  ftp://ftp.isc.org/isc/bind9/9.4.1/bind-9.4.1.tar.gz
- ISC BIND9.4.1.zip Windows Binary Kit
  ftp://ftp.isc.org/isc/bind9/9.4.1/BIND9.4.1.zip
- Mandriva bind-9.4.1-0.1mdv2007.1.i586.rpm (Mandriva Linux 2007.1)
  http://www.mandriva.com/en/download
- Mandriva bind-9.4.1-0.1mdv2007.1.x86_64.rpm (Mandriva Linux 2007.1/X86_64)
  http://www.mandriva.com/en/download
- Mandriva bind-devel-9.4.1-0.1mdv2007.1.i586.rpm (Mandriva Linux 2007.1)
  http://www.mandriva.com/en/download
- Mandriva bind-devel-9.4.1-0.1mdv2007.1.x86_64.rpm (Mandriva Linux 2007.1/X86_64)
  http://www.mandriva.com/en/download
- Mandriva bind-utils-9.4.1-0.1mdv2007.1.i586.rpm (Mandriva Linux 2007.1)
  http://www.mandriva.com/en/download
- Mandriva bind-utils-9.4.1-0.1mdv2007.1.x86_64.rpm (Mandriva Linux 2007.1/X86_64)
  http://www.mandriva.com/en/download
References