UK MapNISCC Logo
spacer
UNIRAS (UK Gov CERT)
Advisory Type: Alert
Id: 20050125-00059  Ref: 03/2005  Date:  25 January 2005 Time:  12:43

Title: Vulnerability Issues with the BIND 8 Software

Abstract: BIND uses a certain array to track nameservers/addresses that have been queried; it is possible to remotely overrun the buffer for this array and hence cause a denial-of-service.

NISCC Comment: A remote buffer overrun vulnerability concerning BIND 8 has been discovered by the Internet Systems Consortium, Inc. (ISC).

Vendors affected: 

Operating Systems affected: 

Applications/Services affected: BIND v8.4.4 and v8.4.5

Patch: Avaliable on-line

Patch effective: Yes

Impact: Denial of service

NISCC Vulnerability Advisory 454305/NISCC/BIND8

Vulnerability Issues with the BIND 8 Software

Version Information
-------------------
Advisory Reference  454305/NISCC/BIND8
Release Date	    25 Jan 2005
Last Revision	    21 Jan 2005
Version Number	    1.0

What is affected?
-----------------
The vulnerability only affects BIND v8.4.4 and v8.4.5.

Severity 
--------
This is rated as low, although if exploited this could potentially result in a 
denial-of-service.

Summary
-------
A remote buffer overrun vulnerability concerning BIND 8 has been discovered by the Internet 
Systems Consortium, Inc. (ISC).

ISC have solutions available that can rectify these issues, please refer to the 
'Solution' section for further information.

[Please note that revisions to this advisory will not be notified by email. All 
subscribers are advised to regularly check the NISCC website 
(http://www.niscc.gov.uk/niscc/vulnAdv-en.html) for updates to this notice.]

Details
-------
CVE ID: CAN-2005-0033

BIND uses a certain array to track nameservers/addresses that have been queried; it is possible to 
remotely overrun the buffer for this array and hence cause a denial-of-service.

Mitigation
----------
ISC have recommended the following work-around:

- Disable recursion and glue fetching

Solution
--------
ISC have released an updated version of BIND to rectify this issue:

- BIND 8.4.6

This is available from the ISC website at http://www.isc.org/sw/bind/.

ISC have also produced a patch for users who cannot upgrade to BIND 8.4.6; please contact
the NISCC Vulnerability Team at vulteam@niscc.gov.uk if you wish to receive the patch.

Vendor Information
------------------
Internet Systems Consortium, Inc. (ISC) is a non-profit public benefit corporation 
dedicated to supporting the infrastructure of the Internet. Please visit
http://www.isc.org for further information regarding ISC.

Credits
-------
The NISCC Vulnerability Team would like to thank ISC for reporting this issue to NISCC and 
for their assistance in the handling of this vulnerability.

Contact Information
-------------------
The NISCC Vulnerability Management Team can be contacted as follows:

Email	   vulteam@niscc.gov.uk 
           Please quote the advisory reference in the subject line

Telephone  +44 (0)870 487 0748 Ext 4511
           Monday - Friday 08:30 - 17:00

Fax	   +44 (0)870 487 0749

Post	   Vulnerability Management Team
           NISCC
           PO Box 832
           London
           SW1P 1BG

We encourage those who wish to communicate via email to make use of our PGP key. This is available 
from http://www.niscc.gov.uk/niscc/publicKey2-en.pop.

Please note that UK government protectively marked material should not be sent to the email address 
above. 

If you wish to be added to our email distribution list please email your request to 
uniras@niscc.gov.uk.
 
Acknowledgements

UNIRAS wishes to acknowledge the contributions of ISC for the information contained in this Briefing.

Updates

This advisory contains the information released by the original author. Some of the information may have changed since it was released. If the vulnerability affects you, it may be prudent to retrieve the advisory from the canonical site to ensure that you receive the most current information concerning that problem.

Legal Disclaimer

Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors or omissions contained within this briefing notice. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this notice.

FIRST

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.