
MA-186.082009: MyCERT Alert - Critical Vulnerability in BIND 9

1.0 Introduction

A critical vulnerability has been identified in BIND 9, the most commonly used DNS server on the Internet, made by Internet Software Consortium. The vulnerability is caused by the DNS Dynamic Update protocol module (RFC 2136), which allows domain name records on a DNS server to be added and deleted.

2.0 Impact

By exploiting this vulnerability, an attacker could remotely perform a denial-of-service (DoS) attack against a DNS server that uses BIND. This in turn may affect many Internet-related services.

3.0 Affected Products

The vulnerable BIND versions are listed below:

  • BIND 9.6 (UNIX and Windows)
  • BIND 9.5 (UNIX and Windows)
  • BIND 9.4 (UNIX and Windows)

4.0 Recommendation

MyCERT recommends that system administrators of this application upgrade to the latest version of BIND 9. The update can be obtained via this URL:

Analysis can be performed by searching the log for the following error lines:

  • named[<process number>]: db.c:619: REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed
  • named[<process number>]: exiting (due to assertion failure)
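
One way to run this log check, as an added example (not MyCERT's or the vendor's code): the script scans classic syslog-format lines for the assertion message and reports whether the same named process then logged the exit line. The syslog prefix layout, the function name find_crashes and the sample log lines are assumptions constructed for the illustration.

```python
import re

# Classic syslog prefix (assumed): "Jul 29 03:14:07 host named[1234]: message"
SYSLOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\snamed\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)
# The two messages quoted in the advisory. The source line number is not
# pinned, on the assumption that it can differ between builds.
ASSERT = re.compile(r"db\.c:\s*\d+:\s*REQUIRE\s*\(type\s*!=.*dns_rdatatype_any\)\)\s*failed")
EXITING = "exiting (due to assertion failure)"


def find_crashes(lines):
    """Return one record per named process that logged the db.c assertion.

    'exited' is True when the same host/PID then logged the exit message,
    confirming that the daemon actually went down.
    """
    crashes = {}  # (host, pid) -> record, kept in order of first sighting
    for line in lines:
        m = SYSLOG.match(line.rstrip("\n"))
        if not m:
            continue  # not a named line, or an unknown log layout
        key = (m["host"], m["pid"])
        if ASSERT.search(m["msg"]):
            crashes.setdefault(key, {"host": m["host"], "pid": int(m["pid"]),
                                     "time": m["ts"], "exited": False})
        elif EXITING in m["msg"] and key in crashes:
            # Exit lines without the db.c assertion are other failures; skip them.
            crashes[key]["exited"] = True
    return list(crashes.values())


# Constructed sample log (hostnames, PIDs and timestamps are made up).
SAMPLE = """\
Jul 29 03:14:05 ns1 named[2211]: zone example.test/IN: loaded serial 2009072901
Jul 29 03:14:07 ns1 named[2211]: db.c:619: REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed
Jul 29 03:14:07 ns1 named[2211]: exiting (due to assertion failure)
Jul 29 03:20:41 ns1 named[2290]: starting BIND 9
Jul 29 04:02:13 ns2 named[877]: exiting (due to assertion failure)
Jul 29 04:05:00 ns2 sshd[901]: Accepted publickey for admin
""".splitlines()

if __name__ == "__main__":
    for c in find_crashes(SAMPLE):
        state = "daemon exited" if c["exited"] else "no exit line seen"
        print(f'{c["time"]} {c["host"]} named[{c["pid"]}]: db.c assertion, {state}')
```
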

MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor. System administrators who discover suspicious error logs such as those mentioned above can forward them to MyCERT for further analysis and abuse notification. MyCERT can be reached through the following channels:

E-mail : mycert@mycert.org.my
Phone : +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 - 17:30 MYT
Web : http://www.mycert.org.my

Copyright © 2009 - CyberSecurity Malaysia