BIND Security Advisories

BIND 9 Resolver crashes after logging an error in query.c

Summary: 
Organizations across the Internet reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))" Multiple versions were reported being affected, including all currently supported release versions of ISC BIND 9. ISC is actively investigating the root cause and has produced patches which prevent the crash. Further information will be made available soon.
CVE: 
CVE-2011-4313
Document Version: 
2.0.1
Posting date: 
16 Nov 2011
Program Impacted: 
BIND
Versions affected: 
BIND 9.0.x -> 9.6.x , 9.4-ESV->9.4-ESV-R5, 9.6-ESV->9.6-ESV-R5, 9.7.0->9.7.4, 9.8.0->9.8.1, 9.9.0a1->9.9.0b1
Severity: 
Serious
Exploitable: 
Remotely

ISC BIND 9 Remote packet Denial of Service against Authoritative and Recursive Servers

Summary: 
A specially constructed packet will cause BIND 9 ("named") to exit, affecting DNS service.
CVE: 
CVE-2011-2464
Document Version: 
2.1
Posting date: 
05 Jul 2011
Program Impacted: 
BIND
Versions affected: 
9.6.3, 9.6-ESV-R4, 9.6-ESV-R4-P1, 9.6-ESV-R5b1 9.7.0, 9.7.0-P1, 9.7.0-P2, 9.7.1, 9.7.1-P1, 9.7.1-P2, 9.7.2, 9.7.2-P1, 9.7.2-P2, 9.7.2-P3, 9.7.3, 9.7.3-P1, 9.7.3-P2, 9.7.4b1 9.8.0, 9.8.0-P1, 9.8.0-P2, 9.8.0-P3, 9.8.1b1
Severity: 
High
Exploitable: 
Remotely

ISC BIND 9 Remote Crash with Certain RPZ Configurations

Summary: 
Two defects were discovered in ISC's BIND 9 code. These defects only affect BIND 9 servers which have recursion enabled and which use a specific feature of the software known as Response Policy Zones (RPZ) and where the RPZ zone contains a specific rule/action pattern.
CVE: 
CVE-2011-2465
Document Version: 
2.1
Posting date: 
05 Jul 2011
Program Impacted: 
BIND
Versions affected: 
9.8.0, 9.8.0-P1, 9.8.0-P2 and 9.8.1b1 Other versions of BIND 9 not listed here are not vulnerable to this problem.
Severity: 
High
Exploitable: 
Remotely

Large RRSIG RRsets and Negative Caching can crash named

Summary: 
A BIND 9 DNS server set up to be a caching resolver is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache a response. This can cause the BIND 9 DNS server (named process) to crash.
CVE: 
CVE-2011-1910
CERT: 
VU#795694
Document Version: 
1.5
Posting date: 
26 May 2011
Program Impacted: 
BIND
Versions affected: 
9.4: 9.4-ESV-R3, -R4, -R5b1 9.5: 9.5.3b1, 9.5.3rc1 (end-of-life) 9.6: 9.6.3, 9.6-ESV-R2, -R3, -R4, -R5b1 9.7: 9.7.1, 9.7.1-P1, -P2, 9.7.2, 9.7.2-P1, -P2, -P3, 9.7.3, 9.7.4b1 9.8: 9.8.0, 9.8.0-P1, 9.8.1b1
Severity: 
High
Exploitable: 
remotely

RRSIG Queries Can Trigger Server Crash When Using Response Policy Zones

Summary: 
When a name server is configured with a response policy zone (RPZ), queries for type RRSIG can trigger a server crash.
CVE: 
CVE-2011-1907
Document Version: 
1.1
Posting date: 
05 May 2011
Program Impacted: 
BIND
Versions affected: 
9.8.0
Severity: 
High
Exploitable: 
remotely
Attachments
application/pdf icon
Response Policy Zones for the (not just) Domain Name System (DNS RPZ)
application/pdf icon
DNS Response Policy Zone
Share this