Signature Detail
Short Name |
DNS:EXPLOIT:EXPLOIT-BIND9-RT |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop Packet |
Category |
DNS |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
DNS: BIND 9 RT Record Reply Exploit
This protocol anomaly is an rdataset parameter to the dns_message_findtype() function in message.c that is not NULL. In BIND 9 (up to 9.2.0), attackers can cause a shutdown on an assertion failure. Note: Common queries in routine operations (such as SMTP queries) can trigger this anomaly.
Extended Description
BIND is a server program that implements the domain name service protocol. It is in extremely wide use on the Internet, in use by most of the DNS servers. A vulnerability has been reported in some versions of BIND 9. Under some circumstances, the name server named may fail an internal consistancy check. As a result, the server will shut down, and is no longer available to respond to further DNS requests. It has been reported that some HP products may ship with vulnerable versions of BIND 9, as does Caldera Open UNIX.
Affected Products
- ISC Bind 9.2
- ISC BIND 9.0.0
- ISC BIND 9.1.0
- ISC BIND 9.1.1
- ISC BIND 9.1.2
- ISC BIND 9.1.3
- ISC BIND 9.2.0
References
- BugTraq: 4936
- CERT: CA-2002-15
- CVE: CVE-2002-0400
- URL: http://www.kb.cert.org/vuls/id/739123