Date: 03 August 2011
References: ESB-2011.0568 ESB-2011.0694 ASB-2011.0072 ESB-2011.0986 ESB-2011.1034 ESB-2011.1088.4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2011.0061
A number of vulnerabilities have been identified in BIND
3 August 2011
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: BIND
Operating System: Windows, UNIX variants (UNIX, Linux, OSX)
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2011-2464 CVE-2011-1910
Member content until: Friday, September 2 2011
Reference: ESB-2011.0694 ESB-2011.0568
OVERVIEW
A number of vulnerabilities have been identified in BIND versions prior
to 9.6-ESV-R5 and 9.7.4. [1, 2]
IMPACT
The vendor has provided the following details regarding these
vulnerabilities:
"* named, set up to be a caching resolver, is vulnerable to a user
querying a domain with very large resource record sets (RRSets)
when trying to negatively cache the response. Due to an off-by-one
error, caching the response could cause named to crash. [RT #24650]
[CVE-2011-1910]
* Change #2912 (see CHANGES) exposed a latent bug in the DNS message
processing code that could allow certain UPDATE requests to crash
named. [RT #24777] [CVE-2011-2464]" [1]
MITIGATION
The vendor recommends upgrading to the latest version of BIND. [1, 2]
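The mitigation above is a version gate, so the practical check is whether a running named is at or past the two fixed releases this bulletin names. The following is an added example, not AusCERT's or ISC's code: it parses the version string printed by `named -v` (for example "BIND 9.7.3-P3" or "BIND 9.6-ESV-R4-P3") and compares it against 9.7.4 and 9.6-ESV-R5. It assumes that only the 9.7 and 9.6-ESV branches are covered by this bulletin and reports any other branch as "not covered" rather than guessing; the sample version strings below are constructed for illustration.

```python
import re

# Fixed releases named in ASB-2011.0061, keyed by (branch, is_esv).
# 9.7.4 is patch level 4 with no -P level; 9.6-ESV-R5 is release 5, no -P level.
# Assumption (example only): other branches are out of scope for this bulletin.
FIXED = {
    ("9.7", False): (4, 0),
    ("9.6", True): (5, 0),
}

# Matches the version forms BIND uses: 9.7.3, 9.7.3-P3, 9.6-ESV-R4, 9.6-ESV-R4-P3.
_VERSION_RE = re.compile(
    r"(?:BIND\s+)?(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?:\.(?P<patch>\d+))?"
    r"(?P<esv>-ESV)?"
    r"(?:-R(?P<r>\d+))?"
    r"(?:-P(?P<p>\d+))?"
)


def parse_bind_version(text):
    """Return (branch, is_esv, (level, p_level)) for a `named -v` style string.

    For non-ESV releases `level` is the third component (9.7.3 -> 3);
    for ESV releases it is the -R number (9.6-ESV-R4 -> 4).
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised BIND version string: {text!r}")
    branch = f"{m['major']}.{m['minor']}"
    is_esv = m["esv"] is not None
    level = int(m["r"] or 0) if is_esv else int(m["patch"] or 0)
    p_level = int(m["p"] or 0)
    return branch, is_esv, (level, p_level)


def assess(text):
    """Classify a version string against the fixed releases in this bulletin.

    Returns "fixed", "vulnerable" (CVE-2011-1910 / CVE-2011-2464 per the
    bulletin) or "not covered" when the branch is not one the bulletin names.
    """
    branch, is_esv, level = parse_bind_version(text)
    fixed_at = FIXED.get((branch, is_esv))
    if fixed_at is None:
        return "not covered"
    # Tuple comparison handles -P levels: 9.7.4-P1 >= 9.7.4, 9.7.3-P3 < 9.7.4.
    return "fixed" if level >= fixed_at else "vulnerable"


if __name__ == "__main__":
    # Constructed sample outputs of `named -v`, not captured from real hosts.
    samples = [
        "BIND 9.7.3-P3",
        "BIND 9.7.4",
        "BIND 9.6-ESV-R4-P3",
        "BIND 9.6-ESV-R5",
        "BIND 9.8.0-P4",
    ]
    for s in samples:
        print(f"{s:<22} {assess(s)}")
```

Run it with the output of `named -v` from each resolver as input, or feed it the version lines collected by your inventory tooling; a "vulnerable" result is the signal to schedule the upgrade the bulletin calls for.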
REFERENCES
[1] BIND 9.7.4 is the current production release of BIND 9.7
ftp://ftp.isc.org/isc/bind9/9.7.4/RELEASE-NOTES-BIND-9.7.4.html
[2] BIND 9.6-ESV-R5 is the current production release of BIND 9.6
ftp://ftp.isc.org/isc/bind9/9.6-ESV-R5/RELEASE-NOTES-BIND-9.6-ESV.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----