-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2011-0015 Title: ISC BIND 9 Recursive Queries Remote Denial of Service Vulnerability Version history: 18.11.2011 Initial publication Summary ======= ISC BIND is prone to a remote denial-of-service vulnerability [1]; fixes are available. CVE-2011-4313(Candidate) Severity Level[3]: CVSS2 Base 5 Remote Yes Local No Credibility Vendor Confirmed Ease Exploit Available Authentication Not Required Potential impact ================ An attacker can exploit this issue to cause the 'named' process to crash, denying service to legitimate users. Impact Type: Allows service disruption; 1. An attacker locates an affected server. 2. The attacker sends specially crafted packets designed to trigger this issue to the server. 3. When the packets are processed, the 'named' process will crash. Vulnerable Systems ================== Among others: Debian Linux 6.0 amd64 Debian Linux 6.0 arm Debian Linux 6.0 ia-32 Debian Linux 6.0 ia-64 Debian Linux 6.0 mips Debian Linux 6.0 powerpc Debian Linux 6.0 s/390 Debian Linux 6.0 sparc ISC Bind 9.7.3 and earlier versions Mandriva Enterprise Server 5 Mandriva Enterprise Server 5 x86_64 Mandriva Linux Mandrake 2010.1 Mandriva Linux Mandrake 2010.1 x86_64 Mandriva Linux Mandrake 2011 Mandriva Linux Mandrake 2011 x86_64 Ubuntu Ubuntu Linux 10.04 amd64 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.10 amd64 Ubuntu Ubuntu Linux 10.10 ARM Ubuntu Ubuntu Linux 10.10 i386 Ubuntu Ubuntu Linux 10.10 powerpc Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS sparc What can you do? ================ Solutions: Fixes are available [2]. Work-arounds: Allow only trusted hosts and networks to connect to computers running the affected software. This will limit the potential for remote attackers to exploit this issue. If possible, deploy network intrusion detection systems to monitor network traffic for malicious activity. Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to malformed requests and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits. What to tell your users? ======================== Normal security best practices apply. Especially, inform your Web users to be cautious about following links to sites that are provided by unfamiliar or suspicious sources users and to be aware not to click on the link in suspicious emails; to immediately forward the email to the respective IT security officer / contact in your institution. More information ================ [1] http://www.isc.org/software/bind/advisories/cve-2011-4313 [2] http://www.isc.org/software/bind/advisories/cve-2011-4313 [3] CVSS details: CVSS Version 2 Scores CVSS2 Base 5 CVSS2 Temporal 4.1 CVSS2 Base Vector AV:N/AC:L/Au:N/C:N/I:N/A:P CVSS2 Temporal VectorE:F/RL:OF/RC:C More information about CVSS is available at: http://www.first.org/cvss/cvss-guide.html Best regards, CERT-EU Pre-configuration Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 -----BEGIN PGP SIGNATURE----- Version: BCPG v1.39 iQJXBAEBAgBBBQJOxl/2OhxDRVJUIGZvciB0aGUgRXVyb3BlYW4gSW5zdGl0dXRp b25zIDxjZXJ0LWV1QGVjLmV1cm9wYS5ldT4ACgkQJ6QGykasQ4N81g/+IVHtPvzn xb6BZAymMWNGpIharM62gyvkniHyrIi0I9NdbNAo4dYDzG4KI0LSEKKUK9wZZ04e MDrXgDWc4Bl03qb29Bbt0eQlyekzqym1xA36kconem6yK+XLaTtf3P4D0425LE7n r57JUeY3IQAL59kNUyR5z9gF5ec+bCUdsmL11dDSslh6/oeYNCDYIbuvee8KWvm9 errU1ewFJske90EJoDB6Z747QsjUzNKkHGBkTJ7T08Dwf7g6KYFTWH5b4ma1Rihx v76Zb72ecaJZOA80AWMDT4HYsSYgFkVxRCrkgWM7T46nHsPvJpavfWEGsfLYsT6r LU+5MdVQ/X0INNGgjRqO9FZL7yVXHff9sVH0KbXXm4hbxNGz2fKP7hAf4OQKAqho DRuAZhqhy3ArW9J78kU7mprbilE9iBpQnkQnP57+1AJsVxFvQaaSqNq1PE9vvfIN BnNThGl+BGWOxEZ8vCuzd/XKAh/OoHKHcxP3ja5CZs9RFAv4zTwK1hJbtVWafK6e DJn+2emp4Z7JpXj+DCvZQOCBTpJ61HX9mKA2UXdmFf5BS2syGPAsOFFDR5awE5xA zbYyEt/6OhHMSurD18zCDbMV+5vPPzIbTvIt1PSZtRIOk68APq5YPoz5sCfAcx8v SMEj+HHO7cSlBd0P+5Pax9/vPvLUsML81NY= =BFSw -----END PGP SIGNATURE-----