Reference: CERT-EU Security Advisory 2013-0049

Title: Denial of Service on BIND nameservers [1]

Version history:
06.06.2013 Initial publication

Summary
=======

A defect exists which allows an attacker to crash a BIND 9 recursive resolver with a RUNTIME_CHECK error in resolver.c. At the time of this advisory no intentional exploitation of this bug has been observed in the wild.

CVE Numbers: CVE-2013-3919

CVSS v2 Base Score: 7.8 (HIGH) (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Vulnerable systems
==================

BIND 9.6-ESV-R9, 9.8.5, and 9.9.3

Original Details
================

A bug has been discovered in the most recent releases of BIND 9 which has the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal "RUNTIME_CHECK" error in resolver.c.

What can you do?
================

New versions of BIND are being provided which contain a fix for the defect. The recommended solution is to upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from the ISC site.

[2] http://ftp.isc.org/isc/bind9

BIND 9 version 9.9.3-P1
BIND 9 version 9.8.5-P1
BIND 9 version 9.6-ESV-R9-P1

What to tell your users?
========================

N/A

More information
================

[1] https://kb.isc.org/article/AA-00967/
[2] http://ftp.isc.org/isc/bind9

Best regards,

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
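
The following script is an added example, not part of the CERT-EU advisory or of ISC's tooling: it classifies BIND version strings against the vulnerable and patched releases listed above, matching exactly so that a "-P1" release is never mistaken for its unpatched base. The host names, the inventory format and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage BIND version strings for CVE-2013-3919.
# Only releases named in the advisory are classified; anything else is
# reported as NOT-LISTED rather than guessed at.

# bind_version_of TEXT: extract the version token from text such as
# "BIND 9.9.3-P1" (the form printed by `named -v`) or a bare "9.9.3".
bind_version_of() {
    v=${1#BIND }      # drop a leading "BIND " if present
    v=${v%% *}        # keep the first whitespace-delimited token
    printf '%s\n' "$v"
}

# classify_bind TEXT: print VULNERABLE (with the upgrade target from the
# advisory), FIXED, or NOT-LISTED.
classify_bind() {
    case "$(bind_version_of "$1")" in
        9.6-ESV-R9) echo "VULNERABLE upgrade-to=9.6-ESV-R9-P1" ;;
        9.8.5)      echo "VULNERABLE upgrade-to=9.8.5-P1" ;;
        9.9.3)      echo "VULNERABLE upgrade-to=9.9.3-P1" ;;
        9.6-ESV-R9-P1|9.8.5-P1|9.9.3-P1) echo "FIXED" ;;
        *)          echo "NOT-LISTED" ;;
    esac
}

# audit_inventory: read "host version-string" lines on stdin and print
# one "host status" line per entry.
audit_inventory() {
    while read -r host rest; do
        [ -n "$host" ] || continue
        printf '%s %s\n' "$host" "$(classify_bind "$rest")"
    done
}

# Constructed sample inventory (hypothetical hosts under example.org).
sample_inventory() {
    cat <<'EOF'
ns1.example.org BIND 9.9.3
ns2.example.org BIND 9.9.3-P1
ns3.example.org BIND 9.8.5
ns4.example.org BIND 9.6-ESV-R9-P1
ns5.example.org BIND 9.7.0
EOF
}

sample_inventory | audit_inventory
# On a resolver itself: classify_bind "$(named -v)"
```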