search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Multiple vulnerabilities in DNS implementations

Vulnerability Note VU#955777

Original Release Date: 2006-04-28 | Last Revised: 2006-05-23

Overview

Numerous vulnerabilities have been reported in various Domain Name System (DNS) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause a DNS implementation to behave in an unstable/unpredictable manner.

Description

DNS

The Domain Name System provides name, address, and other information about Internet Protocol (IP) networks and devices.

The Problems

The U.K. National Infrastructure Security Co-ordination Center (NISCC) and the Oulu University Secure Programming Group have reported numerous vulnerabilities in DNS implementations.

These vulnerabilities were discovered using the PROTOS DNS Test Tool developed by Oulu University Secure Programming Group (OUSPG). The results of the tests are described in NISCC Vulnerability Advisory 144154/NISCC/DNS. According to that advisory:

There are three sets of test materials available with the tool; these are specifically designed for the following scenarios:

1. The Query Material -> [queries, dynamic DNS updates] -> DNS server
2. The Response Material -> [query replies] -> DNS server
3. The Response Material -> [query replies] -> DNS stub resolver (client)
4. The Zone Transfer Material -> [zone transfers] -> secondary DNS server

The test material simulates hostile input to the DNS implementation by sending invalid
and/or abnormal packets.

Impact

These vulnerabilities may allow a remote attacker to execute arbitrary code, cause a denial-of-service condition, gain access to sensitive information, or cause an DNS implementation to behave in an unstable/unpredictable manner.


Exploitation of some of these vulnerabilities may allow a remote attacker to take control of a DNS server. Once a DNS server compromised, the attacker may be able to launch attacks on other, unaffected DNS servers.

Solution

Apply a patch from an affected product vendor

Vendor Information

955777
 
Expand all

F5 Networks, Inc. Affected

Notified:  April 26, 2006 Updated: May 03, 2006

Status

Affected

Vendor Statement

F5's 3-DNS and GTM products are vulnerable to the same extent that BIND itself is vulernable. F5 products will be patched when ISC relea

ses fixes to BIND.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Juniper Networks, Inc. Affected

Notified:  April 26, 2006 Updated: April 27, 2006

Status

Affected

Vendor Statement

The OUSPG PROTOS c09-dns-response test tool was run against all Juniper Networks platforms. JUNOS and ScreenOS were unaffected. Tests against JUNOSe, found on the E-series routers, did

result in an issue with the DNS client code (ref: KA 23381). The issue was resolved in the following JUNOSe updates: 5-3-5p0-2, 6-0-3p0-6, 6-0-4, 6-1-3p0-1, 7-0-1p0-7, 7-0-2, 7-1-0p0-1,
7-1-1. Later JUNOSe releases are unaffected.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Openwall GNU/*/Linux Affected

Notified:  April 26, 2006 Updated: May 10, 2006

Status

Affected

Vendor Statement

Openwall GNU/*/Linux (Owl) 2.0 contains BIND 9 and a DNS resolver as a part of the GNU C Library (glibc), both with our modifications. Owl 1.1 and earlier releases did not include BIND.

Although there's limited information on these vulnerabilities available, we believe that the BIND 9 package in Owl is affected to the same (very limited) extent that is documented in the statement from the ISC found in the PDF version of the NISCC Vulnerability Advisory 144154/NISCC/DNS and that the DNS resolver in glibc is not affected at all.

Assuming that the ISC's description of the issue is correct, we agree with the ISC's assessment of this issue as minor enough to not require updates for current and past releases. Instead, a fix is expected to be included in a future release of BIND - and we are going to similarly include that in a future release of Owl.

The ISC's description of the issue implies that for the attack to work the DNS server must be configured to use TSIG-based authentication of transactions and the attacker must in fact authenticate successfully. Thus, it appears that the attack may only be carried out via a related previously compromised DNS server and only if both servers are configured to use TSIG-based authentication. The impact of a successful attack is limited to denial of the DNS service.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hewlett-Packard Company Not Affected

Notified:  April 26, 2006 Updated: May 10, 2006

Status

Not Affected

Vendor Statement

HP-UX 11.X - not vulnerable

Tru64 UNIX - not vulnerable

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hitachi Not Affected

Notified:  April 26, 2006 Updated: May 01, 2006

Status

Not Affected

Vendor Statement

AlaxalA Networks AX series, Hitachi GR2000/GR4000/GS4000/GS3000 and Hitachi HI-UX are NOT vulnerable to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ricoh Corporation Not Affected

Updated:  May 23, 2006

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Apple Computer, Inc. Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Conectiva Inc. Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Cray Inc. Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Debian GNU/Linux Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

EMC, Inc. (formerly Data General Corporation) Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Engarde Secure Linux Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fedora Project Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

FreeBSD, Inc. Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fujitsu Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Gentoo Linux Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation (zseries) Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM eServer Unknown

Notified:  April 26, 2006 Updated: April 27, 2006

Status

Unknown

Vendor Statement

For information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to

https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID=

In order to access this information you will require a Resource Link ID. To subscribe to Resource Link go to

http://app-06.www.ibm.com/servers/resourcelink

and follow the steps for registration.

All questions should be referred to servsec@us.ibm.com.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Immunix Communications, Inc. Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ingrian Networks, Inc. Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Internet Software Consortium Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Mandriva, Inc. Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Microsoft Corporation Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

MontaVista Software, Inc. Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NEC Corporation Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NetBSD Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Nokia Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Novell, Inc. Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

OpenBSD Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

QNX, Software Systems, Inc. Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Red Hat, Inc. Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

SUSE Linux Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Silicon Graphics, Inc. Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Slackware Linux Inc. Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sony Corporation Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sun Microsystems, Inc. Unknown

Notified:  April 26, 2006 Updated: May 22, 2006

Status

Unknown

Vendor Statement

Sun Microsystems is currently investigating the impact of the OUSPG DNS test suite to Sun's products. If any issues are identified, Sun will publish Sun Alerts which will include details of the impact and

suggested resolution for those issues.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Trustix Secure Linux Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Turbolinux Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ubuntu Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Unisys Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Wind River Systems, Inc. Unknown

Notified:  April 26, 2006 Updated: April 26, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

View all 42 vendors View less vendors


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

These vulnerabilities were reported by NISCC and Oulu University Secure Programming Group (OUSPG)

This document was written by Jeff Gennari.

Other Information

CVE IDs: None
Severity Metric: 19.13
Date Public: 2006-04-25
Date First Published: 2006-04-28
Date Last Updated: 2006-05-23 12:43 UTC
Document Revision: 38

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis