BIND: Negative Cache DOS (negcache)

Summary: A maliciously configured name server can trick a resolver into caching false no-such-name responses for long periods of time.
CVE: CVE-2003-0914
CERT: VU#734644
Posting date: 04 Feb 2004
Program Impacted: BIND
Versions affected: All versions prior to 8.4.3 and 8.3.7, except some vendor-only releases
Severity: Serious
Exploitable: Remotely
Description: 

An attacker would configure a name server to return authoritative negative responses for a given target domain. Then, the attacker must convince a victim user to query the attacker's maliciously configured name server. When the attacker's name server receives the query, it will reply with an authoritative negative response containing a large TTL (time-to-live) value. If the victim's site runs a vulnerable version of BIND 8, its resolver will cache the negative response and render the target domain unreachable until the TTL expires.

Workarounds: 

Disable recursion if possible, or limit recursion to specific clients.
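The following named.conf fragment is an added illustration of this workaround, not configuration text from the ISC advisory: it restricts recursion to an administrator-defined client list rather than disabling it outright. The ACL name, addresses and directory are placeholders, and the `max-ncache-ttl` option is an additional bound on negative caching that supplements, not replaces, the upgrade.

```conf
// Added example, not part of the ISC advisory.
// Clients allowed to use this server as a recursive resolver.
// Placeholder addresses: replace with the site's own networks.
acl "trusted-clients" {
    127.0.0.1;
    192.0.2.0/24;
};

options {
    directory "/var/named";          // placeholder path

    // Workaround from the advisory: limit recursion to known clients,
    // so arbitrary hosts cannot steer this server to an attacker's
    // authoritative name server. Use "recursion no;" to disable
    // recursion entirely on a purely authoritative server.
    allow-recursion { "trusted-clients"; };

    // Defense in depth: cap how long any negative (no-such-name)
    // answer is retained, in seconds, regardless of the TTL it carries.
    max-ncache-ttl 3600;
};
```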

Active exploits: None known at this time.
Solution: 

Upgrade to BIND 8.4.3 or later.
