LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page ISC BIND 9 Denial of Service Vulnerability
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 07-29-2009, 01:26 AM   #1
win32sux
Moderator
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 367Reputation: 367Reputation: 367Reputation: 367
Exclamation ISC BIND 9 Denial of Service Vulnerability

NOTE: An exploit for this is in the wild.
Quote:
Receipt of a specially-crafted dynamic update message to a zone for which the server is the master may cause BIND 9 servers to exit. Testing indicates that the attack packet has to be formulated against a zone for which that machine is a master. Launching the attack against slave zones does not trigger the assert.

This vulnerability affects all servers that are masters for one or more zones – it is not limited to those that are configured to allow dynamic updates. Access controls will not provide an effective workaround.
ISC Security Advisory | US-CERT Vulnerability Note | CVE-2009-0696
Last edited by win32sux; 07-29-2009 at 01:54 AM.
 
Old 07-31-2009, 02:27 PM   #2
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 5,194

Rep: Reputation: 468Reputation: 468Reputation: 468Reputation: 468Reputation: 468
This exploit affects all BIND 9 releases not just 9.4.x onward.

The BIND you get canned with your RHEL (and probably other distros) may be earlier than 9.4.x (for example it is 9.3.x on RHEL5).

RedHat released updates for the canned versions for RHEL3, RHEL4 and RHEL5 last night that backported the fix into these earlier versions.
 
Old 08-04-2009, 03:17 PM   #3
win32sux
Moderator
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 367Reputation: 367Reputation: 367Reputation: 367
Okay, time to unsticky this.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Troubleshooting Denial of Service vbsaltydog Linux - General 4 07-24-2008 11:51 PM
ISC Bind 9.2.4 verses 9.3.3 gparker Red Hat 1 01-25-2007 07:29 PM
how to disable TCP/IP Denial of Service mayankh Linux - Security 2 10-14-2006 04:01 AM
DDNS with BIND and ISC-DHCPD joel112 Linux - Software 1 05-25-2006 11:06 AM
Denial Of Service Attacks Ozzman Mandriva 13 11-13-2003 12:59 AM


All times are GMT -5. The time now is 04:20 PM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
 
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration