National
Infrastructure Protection Center
"ISC BIND 9 DoS
Vulnerability"
Advisory 02-004
4
June 2002
The CERT Coordination Center (CERT/CC) has issued an advisory on a new
vulnerability in the Internet Software Consortium's (ISC) Berkeley Internet
Name Domain (BIND). The vulnerability is in version 9 and below.
Exploitation of this vulnerability will cause vulnerable BIND server(s) to
abort and shut down. After this shutdown, the daemon must be manually
restarted. This shut down could cause a Denial-of-Service (DoS) effect on
other related services that depend on the proper operation of Domain Name
System (DNS). Due to the ease of exploiting this vulnerability, the
National Infrastructure Protection Center (NIPC) strongly urges the
community to take recommended actions to patch or upgrade their version of
BIND.
Description:
BIND is an implementation of the DNS that is maintained by the ISC. The
error condition that triggers the shutdown occurs when the rdataset
parameter to the dns_message_findtype function in message.c is not "NULL" as
expected. The condition causes the code to issue an error message and
system request to shutdown the BIND server. See CERT/CC for more detailed
information on the vulnerability at: http://www.cert.org/advisories.
Recommended Actions:
The NIPC strongly urges the community to take recommended actions to either
apply patches from their vendors or upgrade their version of BIND 9 to
version 9.2.1. For mitigation strategies, as well as up-to-date vendor
information please refer to the BIND page, found here:
http://www.isc.org/products/BIND/ . The CERT/CC webpage has provided an
appendix to its Advisory that contains information provided by the vendors
(http://www.cert.org/advisories/).
The NIPC encourages recipients of this alert to report computer intrusions
to their local FBI office (http://www.fbi.gov/contact/fo/fo.htm) or the
NIPC, and to other appropriate authorities. Recipients may report incidents
online at http://www.nipc.gov/incident/cirr.htm, and can reach the NIPC
Watch and Warning Unit at (202) 323-3205, 1-888-585-9078 or
[EMAIL PROTECTED]
******************************************************************
THE OFFICE OF CRITICAL INFRASTRUCTURE PROTECTION AND EMERGENCY PREPAREDNESS
*****************
ADVISORY
*****************
Number: AV02-028
Date: 4 June 2002
**************************************************
Vulnerability - Denial of Service Vulnerability in ISC BIND 9
**************************************************
PURPOSE
The CERT/CC is reporting a denial of service vulnerability in Domain Name
System (DNS) servers running ISC BIND 9 prior to 9.2.1.
ASSESSMENT
A vulnerability in ISC BIND version 9 (ISC BIND versions 8 and 4 are not
affected) allows a remote attacker to shutdown the DNS server by sending a
specific DNS packet designed to trigger an internal consistency check. This
vulnerability, however, does not allow the attacker to execute arbitrary
code on the vulnerable system.
OCIPEP has not received any reports of this vulnerability being exploited in
Canadian systems. OCIPEP will continue monitoring all available sources of
information about this vulnerability and will provide updated information
should the potential for impact increase.
SUGGESTED ACTION
Please refer to the following links for additional information:
http://www.cert.org/advisories/CA-2002-15.html
http://www.kb.cert.org/vuls/id/739123
CONTACT US
For urgent matters or to report any incidents, please contact OCIPEP's
Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]
For general information, please contact OCIPEP's Communications Division at:
Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca
NOTICE TO READERS
When the situation warrants, OCIPEP issues Advisories to communicate
information about potential, imminent or actual threats, vulnerabilities or
incidents assessed by OCIPEP as limited in scope but having possible impact
on the Government of Canada or other sectors of Canada's critical
infrastructure. Recipients are encouraged to consider the real or possible
impact on their organisation of the information presented in the Advisory,
and to take appropriate action.
OCIPEP publications are based on information obtained from a variety of
sources. The organisation makes every reasonable effort to ensure the
accuracy, reliability, completeness and validity of the contents in its
publications. However, it cannot guarantee the veracity of the information
nor can it assume responsibility or liability for any consequences related
to that information. It is recommended that OCIPEP publications be carefully
considered within a proper context and in conjunction with information
available from other sources, as appropriate.
Unauthorized use of computer systems and mischief in relation to data are
serious Criminal Code offences in Canada. Upon conviction of an indictable
offence, an individual is liable to imprisonment for a term not to exceed
ten years. All offences should be reported immediately to your local police
service.
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
