[146588] in North American Network Operators' Group
[ISC Security Advisory] BIND 9 Resolver crashes after logging an
daemon@ATHENA.MIT.EDU (Peter Losher)
Wed Nov 16 14:54:05 2011
From: Peter Losher <plosher@isc.org>
Date: Wed, 16 Nov 2011 11:52:19 -0800
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
BIND 9 Resolver crashes after logging an error in query.c
Summary: Organizations across the Internet reported crashes interrupting
service on BIND 9 nameservers performing recursive queries. Affected
servers crashed after logging an error in query.c with the following
message: "INSIST(! dns_rdataset_isassociated(sigrdataset))". Multiple
versions were reported being affected, including all currently supported
release versions of ISC BIND 9. ISC is actively investigating the root
cause and has produced patches which prevent the crash. Further
information will be made available soon.
CVE: CVE-2011-4313
Document Version: 1.1
Document URL: http://www.isc.org/software/bind/advisories/cve-2011-4313
Posting date: 16 Nov 2011
Program Impacted: BIND
Versions affected: All currently supported versions of BIND, 9.4-ESV,
9.6-ESV, 9.7.x, 9.8.x
Severity: Serious
Exploitable: Remotely
Description:
An as-yet unidentified network event caused BIND 9 resolvers to cache an
invalid record, subsequent queries for which could crash the resolvers
with an assertion failure. ISC is working on determining the ultimate
cause by which a record with this particular inconsistency is cached. At
this time we are making available a patch which makes named recover
gracefully from the inconsistency, preventing the abnormal exit.
The patch has two components. When a client query is handled, the code
which processes the response to the client has to ask the cache for the
records for the name that is being queried. The first component of the
patch prevents the cache from returning the inconsistent data. The
second component prevents named from crashing if it detects that it has
been given an inconsistent answer of this nature.
CVSS Score: 7.8
CVSS Equation: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Workarounds:
No workarounds are known. The solution is to upgrade. Upgrade BIND to
one of the following patched versions: BIND 9.8.1-P1, 9.7.4-P1,
9.6-ESV-R5-P1, 9.4-ESV-R5-P1
Active exploits:
Under investigation
Solution:
Patches mitigating the issue are available at:
https://www.isc.org/software/bind/981-p1
https://www.isc.org/software/bind/974-p1
https://www.isc.org/software/bind/96-esv-r5-p1
https://www.isc.org/software/bind/94-esv-r5-p1
ISC is receiving multiple reports and working with multiple customers on
this issue. Please E-mail all questions, packet captures, and details to
security-officer@isc.org
We very much appreciate all reports received on this issue.
Related Documents:
Do you have Questions? Questions regarding this advisory should go to
security-officer@isc.org.
ISC Security Vulnerability Disclosure Policy: Details of our current
security advisory policy and practice can be found here:
https://www.isc.org/security-vulnerability-disclosure-policy
Legal Disclaimer:
Internet Systems Consortium (ISC) is providing this notice on an "AS IS"
basis. No warranty or guarantee of any kind is expressed in this notice
and none should be implied. ISC expressly excludes and disclaims any
warranties regarding this notice or materials referred to in this
notice, including, without limitation, any implied warranty of
merchantability, fitness for a particular purpose, absence of hidden
defects, or of non-infringement. Your use or reliance on this notice or
materials referred to in this notice is at your own risk. ISC may change
this notice at any time.
A stand-alone copy or paraphrase of the text of this document that omits
the document URL is an uncontrolled copy. Uncontrolled copies may lack
important information, be out of date, or contain factual errors.
--
[ plosher@isc.org | Senior Operations Architect | ISC | PGP E8048D08 ]
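An added example, not part of the ISC advisory or of BIND: a Python check that classifies a BIND version string against the patched releases listed in the advisory and finds the advisory's assertion message in named logs. The sample log lines are constructed, the `NNNN` source line number is a placeholder, and treating later releases on a branch as patched is an assumption.

```python
import re

# Assertion text quoted in the advisory; whitespace is ignored when matching.
SIGNATURE = "INSIST(! dns_rdataset_isassociated(sigrdataset))"

# First patched release per branch, from the advisory: branch -> (release, patch).
FIXED = {"9.8": (1, 1), "9.7": (4, 1), "9.6-ESV": (5, 1), "9.4-ESV": (5, 1)}

_PLAIN = re.compile(r"^(9\.\d+)\.(\d+)(?:-P(\d+))?$")
_ESV = re.compile(r"^(9\.\d+-ESV)(?:-R(\d+))?(?:-P(\d+))?$")


def classify(version):
    """Return 'patched', 'vulnerable' or 'unknown' for a BIND version string."""
    m = _PLAIN.match(version.strip()) or _ESV.match(version.strip())
    if not m or m.group(1) not in FIXED:
        return "unknown"  # pre-releases, vendor builds, branches not in the advisory
    found = (int(m.group(2) or 0), int(m.group(3) or 0))
    # Assumption: releases numbered after the patched one on a branch carry the fix.
    return "patched" if found >= FIXED[m.group(1)] else "vulnerable"


def crash_lines(lines):
    """Return the log lines that contain the assertion from the advisory."""
    want = "".join(SIGNATURE.split())
    return [ln.rstrip("\n") for ln in lines if want in "".join(ln.split())]


# Constructed sample log; timestamps and the NNNN line number are placeholders.
SAMPLE_LOG = [
    "16-Nov-2011 10:02:10.100 client 192.0.2.10#53124: query: example.com IN A +",
    "16-Nov-2011 10:02:11.321 general: critical: query.c:NNNN: "
    "INSIST(! dns_rdataset_isassociated(sigrdataset)) failed",
    "16-Nov-2011 10:02:11.322 general: critical: exiting (due to assertion failure)",
]

if __name__ == "__main__":
    for v in ("9.8.1", "9.8.1-P1", "9.7.4-P1", "9.6-ESV-R5", "9.4-ESV-R5-P1", "9.8.1rc1"):
        print(f"{v:15} {classify(v)}")
    for hit in crash_lines(SAMPLE_LOG):
        print("crash signature:", hit)
```

Feed `classify` the version string reported by `named -v` with the leading "BIND " removed, and `crash_lines` an open log file.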