Date: 17 November 2011
References: ESB-2011.1155 ESB-2011.1161 ESB-2011.1175 ASB-2011.0108 ESB-2011.1182 ESB-2011.1192.3 ASB-2011.0110.2 ESB-2011.1259 ESB-2012.0019 ESB-2012.0021
ESB-2012.0553 ASB-2012.0093 ASB-2012.0171 ESB-2013.0202
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2011.0102
New vulnerability found and patched in BIND
17 November 2011
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: BIND
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2011-4313
Member content until: Saturday, December 17 2011
Reference: ESB-2011.1155
Comment: This vulnerability is being actively exploited.
Vendors will likely be releasing patches shortly, Debian has already
released the patch (see: ESB-2011.1155).
OVERVIEW
A denial of service vulnerability has been identified in all current
versions of BIND 9. [1]
IMPACT
Various organisations have reported to ISC that their BIND 9 servers
have been crashing after performing recursive queries. ISC has stated
that the problem is that BIND would cache an invalid record for which
subsequent queries would trigger the crash. [1]
MITIGATION
ISC has released mitigation patches that help mitigate this. The
patches stop the inconsistent data from being returned from the cache
and also detect and prevent a crash if the inconsistent data is found. [1]
The patched versions of BIND are:
- BIND 9.8.1-p1
- BIND 9.7.4-p1
- BIND 9.6-ESV-R5-p1
- BIND 9.4-ESV-R5-p1
REFERENCES
[1] BIND 9 Resolver crashes after logging an error in query.c
https://www.isc.org/software/bind/advisories/cve-2011-4313
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBTsRGw+4yVqjM2NGpAQJJohAAtFP/9dnJlaGVGx7DUyK8d/IbSK3c7+AJ
tCjE1zIA5Sg2crQLxhF3cwc94iVxKHu/cXC3ZBK3apOkfIkLgmlsPiNmtMFMNp7a
mNphxmY/eG1lOJWz+ohEV17rCiHSR7IK+DyDVwSkyVL5xesJvkHhteeDaLE0HwTc
ZKH53hf0BtkiDzKtGt2mVocyU9ykbMUxzznRamnsAnSZkyxQA/FS8vlv/BaGCuDR
VuMoUcYY774YMLMUeb4DZvtcaPUmXB/SI6QPIrhIXD2ajbqFdMA+WTYq5WFP4d8F
xAhwE7RzIaddzH7wfRH54+dQaduIJhyTjNdvLefs238jaoXYs8yqfECXeJBDLPuR
sQppTxMBvaRxjgKn6vg2IQRCiW6wjfHirkHdvYBBAyNBG2/vLTM8+Vr5N0YL5T3M
RBxie7EyAwSZODHrNq97TZ2XWezWSXh/eIO+Wzcc0Tco03ANVC+e344quaJ2FKBs
SmYzg/6f0C1R8QmppIEnzcdm+5drWahOVUh2Kn5dEBqF3Aj7p6QCQdbdMCAR3p2p
5YIk1KpBuXR8QYLn/lX4gmEuQN9ew0wb63D7gkGUQ5vNq7Nrvn+Bw5r2ZIbC/Z7q
yqwT3h6ROu2ZxG6pvWZaf+V2fdjPtQEC7inivRj9lX3yqX6ROCNW81Iaua7s0moj
Kexca9O/5lo=
=zvV8
-----END PGP SIGNATURE-----
|