Signature Detail
Short Name |
DNS:RRSIG-QUERY |
|---|---|
Severity |
Low |
Recommended |
Yes |
Category |
DNS |
Keywords |
RRSIG Query |
Release Date |
2011/07/18 |
Update Number |
1956 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
DNS: RRSIG Query
This signature detects DNS RRSIG queries. RRSIG queries are used by the DNS-SEC specification to securely confirm valid DNS records. Recent security vulnerabilities in ISC BIND's implementation of DNS-SEC are leveraged by RRSIG queries, which are site-configuration-specific. A generic detection signature, other than detecting all RRSIG queries, is not possible. RRSIG queries are not inherently malicious.
Extended Description
ISC BIND is prone to multiple remote denial-of-service vulnerabilities under certain response policy zone (RPZ) configurations. An attacker can exploit these issues to cause the application process to crash, denying service to legitimate users.
Affected Products
- ISC Bind 9.8.0
- ISC Bind 9.8.0-P1
- ISC Bind 9.8.0-P2
- ISC Bind 9.8.1b1
- Red Hat Fedora 15
- SuSE openSUSE 11.3
- SuSE openSUSE 11.4
- SuSE SUSE Linux Enterprise Desktop 10 SP4
- SuSE SUSE Linux Enterprise Desktop 11 SP1
- SuSE SUSE Linux Enterprise SDK 10 SP4
- SuSE SUSE Linux Enterprise SDK 11 SP1
- SuSE SUSE Linux Enterprise Server 10 SP4
- SuSE SUSE Linux Enterprise Server 11 SP1
References
- BugTraq: 48566
- BugTraq: 48565
- CVE: CVE-2011-2464
- CVE: CVE-2011-2465
- URL: http://www.rfc-ref.org/RFC-TEXTS/4034/