search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

ISC BIND 8 fails to properly dereference cache SIG RR elements with invalid expiry times from the internal database

Vulnerability Note VU#581682

Original Release Date: 2002-11-13 | Last Revised: 2003-02-25

Overview

A remotely exploitable denial-of-service vulnerability exists in BIND.

Description

A remotely exploitable denial-of-service vulnerability exists in BIND 8.2 - 8.2.6 and BIND 8.3.0 - 8.3.3. ISC's description of this vulnerability states:

It is possible to de-reference a NULL pointer for certian [sic] signature expire values.

Impact

The BIND daemon will shut down. As a result, clients will not be able to connect to the service to resolve queries.

Solution

Apply a patch from your vendor. In the absence of a patch, you may wish to consider ISC's recommendation, which is upgrading to "BIND 4.9.11, BIND 8.2.7, BIND 8.3.4 or preferably BIND 9." Additionally, ISC indicates, "BIND 4 is officially deprecated. Only security fixes will be issued for BIND 4."

Disable recursion if possible.

Vendor Information

581682
 
Expand all

Apple Computer Inc. Affected

Updated:  December 02, 2002

Status

Affected

Vendor Statement

Affected Systems: Mac OS X and Mac OS X Server with BIND versions 8.1, 8.2 to 8.2.6, and 8.3.0 to 8.3.3

Mitigating Factors: BIND is not enabled by default on Mac OS X or Mac OS X Server

This is addressed in Security Update 2002-11-21 http://www.apple.com/support/security/security_updates.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nortel Networks Affected

Updated:  December 03, 2002

Status

Affected

Vendor Statement

NetID version 4.3.1 and below is affected by the vulnerabilities identified in CERT/CC Advisory CA-2002-31. A bulletin and patched builds are available from the following Nortel Networks support contacts:

North America: 1-800-4NORTEL or 1-800-466-7835
Europe, Middle East and Africa: 00800 8008 9009, or +44 (0) 870 907 9009

Optivity NMS is not affected.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please note that there was a delay in posting Nortel's vendor statement update. Their update was sent to the CERT/CC on Nov 27, 2002.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat Inc. Affected

Notified:  November 12, 2002 Updated: November 13, 2002

Status

Affected

Vendor Statement

Older releases (6.2, 7.0) of Red Hat Linux shipped with versions of BIND which may be vulnerable to these issues however a Red Hat security advisory in July 2002 upgraded all our supported distributions to BIND 9.2.1 which is not vulnerable to these issues.

All users who have BIND installed should ensure that they are running these updated versions of BIND.

http://rhn.redhat.com/errata/RHSA-2002-133.html Red Hat Linux
http://rhn.redhat.com/errata/RHSA-2002-119.html Advanced Server 2.1

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MontaVista Software Not Affected

Notified:  November 12, 2002 Updated: November 13, 2002

Status

Not Affected

Vendor Statement

MontaVista ships BIND 9, thus is not vulnerably to these advisories.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nominum Not Affected

Updated:  November 13, 2002

Status

Not Affected

Vendor Statement

Nominum "Foundation" Authoritative Name Server (ANS) is not affected by this vulnerability. Also, Nominum "Foundation" Caching Name Server (CNS) is not affected by this vulnerability. Nominum's commercial DNS server products, which are part of Nominum "Foundation" IP Address Suite, are not based on BIND and do not contain any BIND code, and so are not affected by vulnerabilities discovered in any version of BIND.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Alcatel Unknown

Updated:  February 25, 2003

Status

Unknown

Vendor Statement

Following CERT advisory CA-2002-31 on security vulnerabilities in the ISC BIND implementation, Alcatel has conducted an immediate assessment to determine any impact this may have on our portfolio. A first analysis has shown that the following products (OmniSwitch 6600, 7700, 8800) may be impacted. Customers may wish to contact their support for more details. The security of our customers' networks is of highest priority for Alcatel. Therefore we continue to test our product portfolio against potential ISC BIND security vulnerabilities and will provide updates if necessary.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Internet Security Systems is credited for discovering this vulnerability.

This document was written by Ian A Finlay.

Other Information

CVE IDs: CVE-2002-1221
Severity Metric: 27.54
Date Public: 2002-11-12
Date First Published: 2002-11-13
Date Last Updated: 2003-02-25 18:24 UTC
Document Revision: 10

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis