Date: 05 June 2012
References: ESB-2012.0520 ESB-2012.0522 ESB-2012.0545 ESB-2012.0639.2 ESB-2012.0681 ESB-2012.0696 ESB-2012.0899 ESB-2012.1026 ESB-2012.1093
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2012.0518
Handling of zero length rdata can cause named to terminate unexpectedly
5 June 2012
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:           BIND
Publisher:         ISC
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service              -- Remote/Unauthenticated
                   Access Privileged Data         -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-1667
Original Bulletin:
   http://www.isc.org/software/bind/advisories/cve-2012-1667
--------------------------BEGIN INCLUDED TEXT--------------------
Handling of zero length rdata can cause named to terminate unexpectedly
Summary:
Processing of DNS resource records where the rdata field is zero length
may cause various issues for the servers handling them.
CVE: CVE-2012-1667
Document Version: 1.1
Posting date: 04 Jun 2012
Program Impacted: BIND
Versions affected: 9.0.x -> 9.6.x, 9.4-ESV->9.4-ESV-R5-P1, 9.6-ESV->9.6-ESV-R7,
9.7.0->9.7.6, 9.8.0->9.8.3, 9.9.0->9.9.1
Severity: Critical
Exploitable: Remotely
Description:
This problem was uncovered while testing with experimental DNS record
types. It is possible to add records to BIND with null (zero length)
rdata fields.
Processing of these records may lead to unexpected outcomes. Recursive
servers may crash or disclose some portion of memory to the client.
Secondary servers may crash on restart after transferring a zone
containing these records. Master servers may corrupt zone data if the
zone option "auto-dnssec" is set to "maintain". Other unexpected
problems that are not listed here may also be encountered.
Impact: This issue primarily affects recursive nameservers.
Authoritative nameservers will only be impacted if an administrator
configures experimental record types with no data. If the server is
configured this way, then secondaries can crash on restart after
transferring that zone. Zone data on the master can become corrupted if
the zone with those records has named configured to manage the DNSSEC
key rotation.
CVSS Score: 8.5
CVSS Equation: (AV:N/AC:L/Au:N/C:P/I:N/A:C)
For more information on the Common Vulnerability Scoring System and to
obtain your specific environmental score please visit:
http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:C)
Workarounds:
Workarounds are under investigation, but none are known at this time.
Active exploits:
No known active exploits but a public discussion of the issue has taken
place on a public mailing list.
Solution:
Upgrade to BIND version 9.6-ESV-R7-P1, 9.7.6-P1, 9.8.3-P1, or 9.9.1-P1
Acknowledgment: Dan Luther, Level3 Communications, for finding the
issue, Jeffrey A. Spain, Cincinnati Day School, for replication and
testing.
Document Revision History:
1.0 Released to Public 4 June, 2012
1.1 Updated Severity to Critical
Related Document:
- Japanese Translation:
https://www.isc.org/advisories/cve-2012-1667-jp
- Spanish Translation:
https://www.isc.org/advisories/cve-2012-1667-es
Do you have questions? Questions regarding this advisory should go to
security-officer@isc.org
This security advisory is also located in our KnowledgeBase:
https://kb.isc.org/article/AA-00698
See our BIND Security Matrix for a complete listing of Security
Vulnerabilities and versions affected.
Note: ISC patches only currently supported versions. When possible
we indicate EOL versions affected.
ISC Security Vulnerability Disclosure Policy: Details of our current
security advisory policy and practice can be found here:
https://www.isc.org/security-vulnerability-disclosure-policy
Legal Disclaimer:
Internet Systems Consortium (ISC) is providing this notice on an "AS
IS" basis. No warranty or guarantee of any kind is expressed in this
notice and none should be implied. ISC expressly excludes and disclaims
any warranties regarding this notice or materials referred to in this
notice, including, without limitation, any implied warranty of
merchantability, fitness for a particular purpose, absence of hidden
defects, or of non-infringement. Your use or reliance on this notice or
materials referred to in this notice is at your own risk. ISC may
change this notice at any time. A stand-alone copy or paraphrase of the
text of this document that omits the document URL is an uncontrolled
copy. Uncontrolled copies may lack important information, be out of
date, or contain factual errors.
--------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================