Remote BIND 9 DoS Vulnerability Patched

By Denys Ma at 30 July, 2009, 5:26 pm

A new, remotely exploitable denial-of-service (DoS) vulnerability affecting BIND Version 9 was reported by ISC on July 28. It’s also reported that exploits have been seen in the wild. Because BIND is widely used, these attacks can affect many critical infrastructures. Here’s a little description of the problem.

The vulnerability exists in the DNS dynamic-update request message. Dynamic update (RFC 2136) was implemented in DNS to deal with constantly updating DNS records in various DNS servers. The individual DNS servers can send update messages back to the DNS zone master so that the master record can remain current. Each update message should contain at least a zone record, a prerequisite record, and an update record. The zone record specifies which zone the update message is for. Only the zone master can update the record for itself. The prerequisite record specifies the condition in which the server should check before updating, and the update record contains the updated record.

An example configuration a set of DNS servers for a particular zone.

The vulnerability that was reported yesterday exists due to the improper handling of a specially crafted DNS dynamic-update query. There are two conditions in the update query that need to be met for this packet to trigger the vulnerability: The victim’s DNS server must be the master of the zone specified in the update query packet; and the update query packet consists of a prerequisite record with the type “ANY.” ANY is not expected in any resource record because it’s defined only as a question type. The victim’s DNS server cannot handle this condition and shuts itself down. The attacker can cause a denial-of-service on the vulnerable DNS server with just one UDP packet. In fact, the attack will succeed even if dynamic update is disabled on the victim’s DNS server.

Patches are available from ISC for BIND Versions 9.4.3-P3, 9.5.1-P3, and 9.6.1-P1. Users and administrators should apply these patches immediately because the exploit is public.

McAfee Network Security Platform detects this attack using the signature set released on July 30 with the signature “DNS: ISC BIND 9 Dynamic Update Denial-of-Service Vulnerability.”

(No Ratings Yet)

Loading ...

No comments yet.

Sorry, the comment form is closed at this time.

Computer Repair Service Scam

Advertisment

Recent Comments

John M: You need to develop a good reputation. Dont expect that bus...
Arnak: Hi, Answer is A. Arnak...
bostonianinmo: Yes, labor is generally taxable in Texas and labor for repai...
timjm009: a 1 ampere...
Chickster: The virus is preventing you from any Administrative tasks. (...

Windows & Blog

Join us for a full day of free technical deep dive sessions into the tools, solutions and options that can help you better deploy and manage your desktops, from Windows 7 and Office 2010 to Windows Intune and Microsoft Desktop Optimization Pack. […]

Now on Demand: Virtual Roundtable - Is Windows XP Good Enough? April 18, 2011

Get the real story on the differences between Windows XP and Windows 7, migration challenges, compatibility, and readiness. […]

Windows Intune Available - Get Started With Your 30-Day Trial March 23, 2011

Download a 30-day trial and see how Windows Intune can help you better manage and secure PCs using Windows cloud services and Windows 7—so your computers and users can operate at peak performance, from virtually anywhere. […]

Microsoft Desktop Virtualization Customer Roundtable - Now On Demand March 17, 2011

Curious about desktop virtualization? Hear real stories and insights on how IT can empower end users with Microsoft Desktop Virtualization solutions from Gartner Analyst Mike Sliver and a panel of IT leaders from Kraft, Login Consultants, and Microsoft among others. […]

Windows Internet Explorer 9 Released to Web March 15, 2011

Check out the latest features for IT professionals, and get guidance to help you pilot and deploy this enterprise-ready browser in your organization with the Springboard Series for Internet Explorer 9. […]

Deployment Guide for Windows Server 2008 R2 with SP1 and Windows 7 with SP1 March 10, 2011

Get technical information, procedures, and recommendations for installing deploying Windows Server 2008 R2 or Windows 7 with SP1 in a business or corporate environment. […]

Technical Talks with Tim Vander Kooi: Windows 7 Deployment - I Want My MDT March 8, 2011

Tune in for a discussion on how to make deploying Windows 7 in your organization easier. Learn how to leave your old imaging software—as well as mountains of old machine-specific images—behind and get tips, tools, and advice to help you avoid "gotchas" during deployment. […]

Remote BIND 9 DoS Vulnerability Patched

Security Tools Downloads

Maintenance Tools Downloads

Windows BootDisk - Startup

Utility Boot CD

Windows Password Reset

NYC Computer Repair Service

Computer Repair Service Scam

Advertisment

Recent Comments

Most Commented

Windows & Blog

Remote BIND 9 DoS Vulnerability Patched

Security Tools Downloads

Maintenance Tools Downloads

Windows BootDisk - Startup

Utility Boot CD

Windows Password Reset

NYC Computer Repair Service

Computer Repair Service Scam

Subscribe

Advertisment

Recent Comments

Most Commented

NYC Computer Repair Tag

Windows & Blog