5 - VU#142646

Executive Summary

Summary
Title	ISC BIND 9 named denial of service vulnerability

Informations
Name	VU#142646	First vendor Publication	2011-07-05
Vendor	VU-CERT	Last vendor Modification	2011-07-20
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#142646

ISC BIND 9 named denial of service vulnerability

Overview

ISC BIND 9 contains a remote packet denial of service vulnerability when running as an authoritative or recursive server.

I. Description

According to ISC:

A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packet. This defect affects both recursive and authoritative servers. The code location of the defect makes it impossible to protect BIND using ACLs configured within named.conf or by disabling any features at compile-time or run-time.

A remote attacker would need to be able to send a specially crafted packet directly to a server running a vulnerable version of BIND. There is also the potential for an indirect attack via malware that is inadvertently installed and run, where infected machines have direct access to an organization's nameservers.

II. Impact

A remote, unauthenticated attacker can cause the named daemon to crash creating a denial of service condition.

III. Solution

Apply an update

Users who obtain BIND from a third-party vendor, such as their operating system vendor, should see the vendor information portion of this document for a partial list of affected vendors.

This vulnerability is addressed in ISC BIND versions 9.6-ESV-R4-P3, 9.7.3-P3 and 9.8.0-P4. Users of BIND from the original source distribution should upgrade to this version.

See also http://www.isc.org/software/bind/advisories/cve-2011-2464

Vendor Information

Vendor	Status	Date Notified	Date Updated
Debian GNU/Linux	Affected		2011-07-07
Internet Systems Consortium	Affected	2011-06-16	2011-07-05
Mandriva S. A.	Affected		2011-07-20
Red Hat, Inc.	Affected		2011-07-07

References

http://www.isc.org/software/bind/advisories/cve-2011-2464

Credit

Thanks to Internet Systems Consortium for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

Date Public:	2011-07-05
Date First Published:	2011-07-05
Date Last Updated:	2011-07-20
CERT Advisory:
CVE-ID(s):	CVE-2011-2464
NVD-ID(s):	CVE-2011-2464
US-CERT Technical Alerts:
Severity Metric:	17.85
Document Revision:	14

Original Source

Url : http://www.kb.cert.org/vuls/id/142646

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13028

Oval ID:	oval:org.mitre.oval:def:13028
Title:	DSA-2272-1 bind9 -- denial of service
Description:	It was discovered that BIND, a DNS server, does not correctly process certain UPDATE requests, resulting in a server crash and a denial of service. This vulnerability affects BIND installations even if they do not actually use dynamic DNS updates.
Family:	unix	Class:	patch
Reference(s):	DSA-2272-1 CVE-2011-2464	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	bind9
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND bind9 DPKG is earlier than 1:9.6.ESV.R4+dfsg-0+lenny3 OR Release section Debian 6.0 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND Installed architecture is all AND bind9 DPKG is earlier than 1:9.7.3.dfsg-1~squeeze3

Definition Id: oval:org.mitre.oval:def:13997

Oval ID:	oval:org.mitre.oval:def:13997
Title:	HP-UX Running BIND, Remote Denial of Service (DoS)
Description:	Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2011-2464	Version:	12
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02719 HP Release B.11.23 AND filesets tests InternetSrvcs.INETSVCS-INETD is installed AND InternetSrvcs.INETSVCS-RUN is installed AND InternetSrvcs.INETSVCS2-RUN is installed AND NOT Patch PHNE_42727 is installed OR Criteria meets HP Security Bulletin HPSBUX02719 HP Release B.11.23 AND filesets tests BindUpgrade.BIND-UPGRADE version is less than C.9.3.2.9.0 AND BindUpgrade.BIND2-UPGRADE version is less than C.9.3.2.9.0 OR Criteria meets HP Security Bulletin HPSBUX02719 HP Release B.11.11 AND BINDv920.INETSVCS-BIND version is less than B.11.11.01.017 OR Criteria meets HP Security Bulletin HPSBUX02719 HP Release B.11.11 AND BindUpgrade.BIND-UPGRADE version is less than C.9.3.2.9.0 OR Criteria meets HP Security Bulletin HPSBUX02719 HP-UX B.11.31 AND filesets tests NameService.BIND-AUX version is less than C.9.3.2.10.0 AND NameService.BIND-RUN version is less than C.9.3.2.10.0

Definition Id: oval:org.mitre.oval:def:14181

Oval ID:	oval:org.mitre.oval:def:14181
Title:	USN-1163-1 -- bind9 vulnerability
Description:	bind9: Internet Domain Name Server An attacker could send crafted input to Bind and cause it to crash.
Family:	unix	Class:	patch
Reference(s):	USN-1163-1 CVE-2011-2464	Version:	5
Platform(s):	Ubuntu 11.04 Ubuntu 8.04 Ubuntu 10.04 Ubuntu 10.10	Product(s):	bind9
Definition Synopsis:
Release section Ubuntu 11.04 is installed AND Installed architecture is all AND libdns69 DPKG is earlier than 1:9.7.3.dfsg-1ubuntu2.2 OR Release section Ubuntu 8.04 is installed AND Installed architecture is all AND libdns36 DPKG is earlier than 1:9.4.2.dfsg.P2-2ubuntu0.8 OR Release section Ubuntu 10.04 is installed AND Installed architecture is all AND libdns64 DPKG is earlier than 1:9.7.0.dfsg.P1-1ubuntu0.3 OR Release section Ubuntu 10.10 is installed AND Installed architecture is all AND libdns66 DPKG is earlier than 1:9.7.1.dfsg.P2-2ubuntu0.4

Definition Id: oval:org.mitre.oval:def:22006

Oval ID:	oval:org.mitre.oval:def:22006
Title:	RHSA-2011:0926: bind security update (Important)
Description:	Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
Family:	unix	Class:	patch
Reference(s):	RHSA-2011:0926-02 CVE-2011-2464 CESA-2011:0926-CentOS 5	Version:	6
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	bind97 bind
Definition Synopsis:
Red Hat Enterprise Linux 5 and CentOS Linux 5 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages match section bind97 is earlier than 32:9.7.0-6.P2.el5_6.3 AND bind97-chroot is earlier than 32:9.7.0-6.P2.el5_6.3 AND bind97-devel is earlier than 32:9.7.0-6.P2.el5_6.3 AND bind97-libs is earlier than 32:9.7.0-6.P2.el5_6.3 AND bind97-utils is earlier than 32:9.7.0-6.P2.el5_6.3 AND Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages match section bind is earlier than 32:9.7.3-2.el6_1.P3.2 AND bind-chroot is earlier than 32:9.7.3-2.el6_1.P3.2 AND bind-debuginfo is earlier than 32:9.7.3-2.el6_1.P3.2 AND bind-devel is earlier than 32:9.7.3-2.el6_1.P3.2 AND bind-libs is earlier than 32:9.7.3-2.el6_1.P3.2 AND bind-sdb is earlier than 32:9.7.3-2.el6_1.P3.2 AND bind-utils is earlier than 32:9.7.3-2.el6_1.P3.2

Definition Id: oval:org.mitre.oval:def:23343

Oval ID:	oval:org.mitre.oval:def:23343
Title:	ELSA-2011:0926: bind security update (Important)
Description:	Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
Family:	unix	Class:	patch
Reference(s):	ELSA-2011:0926-02 CVE-2011-2464	Version:	6
Platform(s):	Oracle Linux 6	Product(s):	bind97 bind
Definition Synopsis:
Oracle Linux 6.x rpm test bind is earlier than 32:9.7.3-2.el6_1.P3.2 AND bind-chroot is earlier than 32:9.7.3-2.el6_1.P3.2 AND bind-sdb is earlier than 32:9.7.3-2.el6_1.P3.2 AND bind-libs is earlier than 32:9.7.3-2.el6_1.P3.2 AND bind-devel is earlier than 32:9.7.3-2.el6_1.P3.2 AND bind-utils is earlier than 32:9.7.3-2.el6_1.P3.2

Definition Id: oval:org.mitre.oval:def:27999

Oval ID:	oval:org.mitre.oval:def:27999
Title:	DEPRECATED: ELSA-2011-0926 -- bind security update (important)
Description:	[32:9.7.3-2.2.P3] - update to 9.7.3-P3 (CVE-2011-2464)
Family:	unix	Class:	patch
Reference(s):	ELSA-2011-0926 CVE-2011-2464	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	bind97 bind
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section bind97 is earlier than 0:9.7.0-6.P2.el5_6.3 AND bind97-chroot is earlier than 0:9.7.0-6.P2.el5_6.3 AND bind97-devel is earlier than 0:9.7.0-6.P2.el5_6.3 AND bind97-libs is earlier than 0:9.7.0-6.P2.el5_6.3 AND bind97-utils is earlier than 0:9.7.0-6.P2.el5_6.3 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section bind is earlier than 0:9.7.3-2.el6_1.P3.2 AND bind-chroot is earlier than 0:9.7.3-2.el6_1.P3.2 AND bind-devel is earlier than 0:9.7.3-2.el6_1.P3.2 AND bind-libs is earlier than 0:9.7.3-2.el6_1.P3.2 AND bind-sdb is earlier than 0:9.7.3-2.el6_1.P3.2 AND bind-utils is earlier than 0:9.7.3-2.el6_1.P3.2

CPE : Common Platform Enumeration

Type	Description	Count
Application	Isc Bind cpe:2.3:a:isc:bind:9.8.1:b1:::-:::* cpe:2.3:a:isc:bind:9.8.0:b1:::-:::* cpe:2.3:a:isc:bind:9.8.0:p2:::-:::* cpe:2.3:a:isc:bind:9.8.0:rc1:::-:::* cpe:2.3:a:isc:bind:9.8.0::::-::: cpe:2.3:a:isc:bind:9.8.0:a1:::-:::* cpe:2.3:a:isc:bind:9.8.0:p1:::-:::* cpe:2.3:a:isc:bind:9.7.3:b1:::-:::* cpe:2.3:a:isc:bind:9.7.3:p1:::-:::* cpe:2.3:a:isc:bind:9.7.3:rc1:::-:::* cpe:2.3:a:isc:bind:9.7.3::::-::: cpe:2.3:a:isc:bind:9.7.2b1:::::::* cpe:2.3:a:isc:bind:9.7.2:rc1:::-:::* cpe:2.3:a:isc:bind:9.7.2:p3:::-:::* cpe:2.3:a:isc:bind:9.7.2:p1:::-:::* cpe:2.3:a:isc:bind:9.7.2:p2:::-:::* cpe:2.3:a:isc:bind:9.7.2::::-::: cpe:2.3:a:isc:bind:9.7.1:p2:::-:::* cpe:2.3:a:isc:bind:9.7.1::::-::: cpe:2.3:a:isc:bind:9.7.1:p1:::-:::* cpe:2.3:a:isc:bind:9.7.1:rc1:::-:::* cpe:2.3:a:isc:bind:9.7.0:p1:::-:::* cpe:2.3:a:isc:bind:9.7.0::::-::: cpe:2.3:a:isc:bind:9.7.0:rc1:::-:::* cpe:2.3:a:isc:bind:9.7.0:rc2:::-:::* cpe:2.3:a:isc:bind:9.7.0:b1:::-:::* cpe:2.3:a:isc:bind:9.7.0:p2:::-:::* cpe:2.3:a:isc:bind:9.6.3:rc1:::-:::* cpe:2.3:a:isc:bind:9.6.3::::-::: cpe:2.3:a:isc:bind:9.6.2::::-::: cpe:2.3:a:isc:bind:9.6.2:rc1:::-:::* cpe:2.3:a:isc:bind:9.6.1:p1:::-:::* cpe:2.3:a:isc:bind:9.6.1:rc1:::-:::* cpe:2.3:a:isc:bind:9.6.1:p3:::-:::* cpe:2.3:a:isc:bind:9.6.1::::-::: cpe:2.3:a:isc:bind:9.6.1:p2:::-:::* cpe:2.3:a:isc:bind:9.6.0::::-::: cpe:2.3:a:isc:bind:9.6.0:p1:::-:::* cpe:2.3:a:isc:bind:9.6.0:rc2:::-:::* cpe:2.3:a:isc:bind:9.6.0:rc1:::-:::* cpe:2.3:a:isc:bind:9.6:::::::*	41

OpenVAS Exploits

Date	Description
2012-09-10	Name : Slackware Advisory SSA:2011-189-01 bind File : nvt/esoft_slk_ssa_2011_189_01.nasl
2012-09-10	Name : Slackware Advisory SSA:2011-224-01 bind File : nvt/esoft_slk_ssa_2011_224_01.nasl
2012-08-10	Name : Gentoo Security Advisory GLSA 201206-01 (bind) File : nvt/glsa_201206_01.nasl
2012-07-30	Name : CentOS Update for bind97 CESA-2011:0926 centos5 x86_64 File : nvt/gb_CESA-2011_0926_bind97_centos5_x86_64.nasl
2011-11-28	Name : Fedora Update for bind FEDORA-2011-16002 File : nvt/gb_fedora_2011_16002_bind_fc14.nasl
2011-10-20	Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006) File : nvt/gb_macosx_su11-006.nasl
2011-08-18	Name : SuSE Update for bind SUSE-SA:2011:029 File : nvt/gb_suse_2011_029.nasl
2011-08-09	Name : CentOS Update for bind97 CESA-2011:0926 centos5 i386 File : nvt/gb_CESA-2011_0926_bind97_centos5_i386.nasl
2011-08-03	Name : Debian Security Advisory DSA 2272-1 (bind9) File : nvt/deb_2272_1.nasl
2011-08-03	Name : FreeBSD Ports: bind96 File : nvt/freebsd_bind96.nasl
2011-07-27	Name : Fedora Update for bind FEDORA-2011-9127 File : nvt/gb_fedora_2011_9127_bind_fc14.nasl
2011-07-22	Name : Mandriva Update for bind MDVSA-2011:115 (bind) File : nvt/gb_mandriva_MDVSA_2011_115.nasl
2011-07-18	Name : Fedora Update for bind FEDORA-2011-9146 File : nvt/gb_fedora_2011_9146_bind_fc15.nasl
2011-07-08	Name : RedHat Update for bind RHSA-2011:0926-01 File : nvt/gb_RHSA-2011_0926-01_bind.nasl
2011-07-08	Name : Ubuntu Update for bind9 USN-1163-1 File : nvt/gb_ubuntu_USN_1163_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
73605	ISC BIND UPDATE Request Parsing Remote DoS

Nessus® Vulnerability Scanner

Date	Description
2017-04-21	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0066.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL12986.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_4_bind-110706.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_bind-110706.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0926.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110707_bind_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-06-21	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-01.nasl - Type : ACT_GATHER_INFO
2012-03-06	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_42727.nasl - Type : ACT_GATHER_INFO
2011-10-13	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-006.nasl - Type : ACT_GATHER_INFO
2011-10-13	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_7_2.nasl - Type : ACT_GATHER_INFO
2011-08-15	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2011-224-01.nasl - Type : ACT_GATHER_INFO
2011-07-28	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2011-189-01.nasl - Type : ACT_GATHER_INFO
2011-07-25	Name : The remote Fedora host is missing a security update. File : fedora_2011-9127.nasl - Type : ACT_GATHER_INFO
2011-07-21	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-115.nasl - Type : ACT_GATHER_INFO
2011-07-12	Name : The remote Fedora host is missing a security update. File : fedora_2011-9146.nasl - Type : ACT_GATHER_INFO
2011-07-11	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_bind-110706.nasl - Type : ACT_GATHER_INFO
2011-07-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0926.nasl - Type : ACT_GATHER_INFO
2011-07-08	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0926.nasl - Type : ACT_GATHER_INFO
2011-07-07	Name : The remote name server may be affected by a denial of service vulnerability. File : bind9_980_p4.nasl - Type : ACT_GATHER_INFO
2011-07-06	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_fd64188da71d11e089b4001ec9578670.nasl - Type : ACT_GATHER_INFO
2011-07-06	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1163-1.nasl - Type : ACT_GATHER_INFO
2011-07-06	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2272.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 12:07:31	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	6
CPE ID(s)	41
osvdb(s)	1
Openvas Exploit(s)	15
Nessus® Exploit(s)	22

	Related
5	CVE-2011-2464
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)