[v2.3] bind: A recursive resolver can be crashed by a query for a malformed zone (CVE-2013-3919)
BIND 9.6-ESV-R9, 9.8.5, and 9.9.3 are affected
Versions 9.6.0 through 9.6-ESV-R8, 9.8.0 through 9.8.4-P2, and 9.9.0 through 9.9.2-P2 ARE NOT affected.
Other major branches of BIND (e.g. 9.7, 9.5, etc) are not vulnerable but they are no longer supported by ISC and may lack other important security fixes.
A bug has been discovered in the most recent releases of BIND 9 which has the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal “RUNTIME_CHECK” error in resolver.c
Triggering this defect will cause the affected server to exit with an error, denying service to recursive DNS clients that use that particular server.
CVSS Score: 7.8
CVSS Equation: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=%28AV:N/AC:L/Au:N/C:N/I:N/A:C%29
At the time of this advisory no intentional exploitation of this bug has been observed in the wild. However, the existence of the issue has been disclosed on an open mailing list with enough accompanying detail to reverse engineer an attack and ISC is therefore treating this as a Type II (publicly disclosed) vulnerability, in accordance with our Phased Disclosure Process.
New versions of BIND are being provided which contain a fix for the defect. The recommended solution is to upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://ftp.isc.org/isc/bind9
BIND 9 version 9.9.3-P1
BIND 9 version 9.8.5-P1
BIND 9 version 9.6-ESV-R9-P1
Document Revision History:
1.0 Type II Public Disclosure, 04 June, 2013
See our BIND Security Matrix for a complete listing of Security Vulnerabilities and versions affected.
If you’d like more information on our product support please visit www.isc.org/support.
Do you still have questions? Questions regarding this advisory should go to firstname.lastname@example.org
Note: ISC patches only currently supported versions. When possible we indicate EOL versions affected.
ISC Security Vulnerability Disclosure Policy: Details of our current security advisory policy and practice can be found here: ISC Software Defect and Security Vulnerability Disclosure Policy
This Knowledge Base article https://kb.isc.org/article/AA-00967 is the complete and official security advisory document.
(from redmine: issue id 2070, created on 2013-06-05, closed on 2013-06-10)
- parent #2066 (closed)
- Revision b788ec62 by Natanael Copa on 2013-06-05T08:49:32Z:
main/bind: security upgrade to 9.8.5_p1 (2013-3919) fixes #2070