copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Security Bul... » Security Bul... » AusCERT Exte... » ESB-2011.0110 - [NetBSD] BIND: Denial of service - R...
 

ESB-2011.0110 - [NetBSD] BIND: Denial of service - Remote/unauthenticated
Date: 03 February 2011
References: ASB-2010.0244  ESB-2010.1121  ESB-2010.1125.2  ESB-2010.1167  

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2011.0110
            BIND DoS due to improper handling of RRSIG records
                              3 February 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          BIND
Publisher:        NetBSD
Operating System: NetBSD
Impact/Access:    Denial of Service -- Remote/Unauthenticated
Resolution:       Patch/Upgrade
CVE Names:        CVE-2010-3613  

Reference:        ASB-2010.0244
                  ESB-2010.1167
                  ESB-2010.1125.2
                  ESB-2010.1121

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		 NetBSD Security Advisory 2011-001
		 =================================

Topic:		BIND DoS due to improper handling of RRSIG records


Version:	NetBSD-current:		affected prior to 20101203
		NetBSD 5.1:		affected prior to 20110111
		NetBSD 5.0:		affected prior to 20110111
		NetBSD 4.0.*:		affected prior to 20110124
		NetBSD 4.0:		affected prior to 20110124
		pkgsrc:			net/bind97 package prior to 20101203


Severity:	Denial of Service


Fixed:		NetBSD-current:		Dec 2nd, 2010
		NetBSD-5-1 branch:	Jan 10th, 2011
		NetBSD-5-0 branch:	Jan 10th, 2011
		NetBSD-5 branch:	Jan 6th, 2011
		NetBSD-4-0 branch:	Jan 23rd, 2011
		NetBSD-4 branch:	Jan 23rd, 2011
		pkgsrc net/bind97:	bind-9.7.2pl3 corrects this issue
		pkgsrc net/bind96:	bind-9.6.2pl3 corrects this issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

Failure to clear existing RRSIG records when a NO DATA is negatively
cached could cause subsequent lookups to crash named.

This vulnerability has been assigned CVE-2010-3613 and CERT
Vulnerability Note VU#706148.


Technical Details
=================

Adding certain types of signed negative responses to the cache
doesn't clear any matching RRSIG records already in the cache.  A
subsequent lookup of the cached data can cause named to crash
(INSIST).

This vulnerability affects recursive nameservers irrespective of
whether DNSSEC validation is enabled or disabled.  Exploitation
requires a DNS client authorized to use the nameserver for recursion
requesting information about a specially prepared zone not on the
same nameserver.


Solutions and Workarounds
=========================

We suggest fixing this vulnerability by using the current net/bind97
pkgsrc package instead of the in-system bind until the entire system
can be updated (eg to the next security/critical release, or a binary
snapshot from http://nyftp.netbsd.org/pub/NetBSD-daily/ from past the
fix date).


Thanks To
=========

Thanks to the Internet Systems Consortium for reporting this
vulnerability.  Thanks to Christos Zoulas for fixing this issue in
- - -current.  Thanks to Petra Zeidler for preparing the pullups to
fix this issue on the branches.


Revision History
================

	2011-02-01	Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at 
  http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .

Copyright 2011, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2011-001.txt,v 1.1 2011/02/01 22:03:34 tonnerre Exp $

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (NetBSD)

iQIcBAEBAgAGBQJNSIjqAAoJEAZJc6xMSnBu3GQQAIiJ4rrAGtIuuJNdLJJMC0LB
3JhOG8c2+926KGQm+hZ90WDaKe8GxMie5GvXFHtX0ChvGtuVBQj18OAtwHjw1Dfh
j4erCmZF4KBNiK1IqUeQ1UM3DV3pT0zt/+uY/XzrCy/ppNK4tmY5+levWr/eMLpH
+utiNjvxU3/7cmChreypDbO8wkOABypCbELJBpJY1EgBFG+IZdlKVTKDWq0GRAnh
x+QQbJVpVAmzp5jwr99jJe66syqqE8za/giaFjwfeI6pSMNTsd9BjyOfu4KdlNQr
d4zvjeR/euFynwX4zq+pa6avgBxO+isJJPW/sDMfUN3+W9OctIm5/ghLzerxflo2
W+WdhtaoloBA5dmW/dI6HePZ8ht/Zb7p911BjxBDwKiTJ/Ae9uOjuuox89k8rvo6
wjJ/G9mlRAyAMhJyyEzhx0oaINVPH0rANYsGe5C+3DTB4mGiIsdwemNXC5MEd8gy
+Hj9d3GNB5wQlzEm6wxxnSsqcHJlJlr1wiDnxbQzvLi8e73FWjPvlD7vsHeiSxcT
wWOmu4HOoI4n0E3JE0JBUJJtHsn2RcNbvkj1Jk8txR7c0eL8TdI6MxRlmVzYaMi3
vpsIPxrzBdfZz9SernAbKPOBOzcoVKrMgo5Za+0Q4bOqw/rCrHzb3/MMtkDFN6Jp
JjIAmNPGq2EhJkk3gRmq
=WX9T
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFNSgXV/iFOrG6YcBERAkDjAJ9fN66H0udHXzmA51moYbjBb9lL8gCg23zf
Po8iHsgxXVheaF2RNKi8aZw=
=kgYz
-----END PGP SIGNATURE-----




Comments? Click here http://www.auscert.org.au/13901