News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
August 01, 2014, 05:50:57
Pages: [1] 2   Go Down
  Print  
Topic: ISC BIND vulns/updates  (Read 6552 times)
0 Members and 1 Guest are viewing this topic.
« on: January 08, 2009, 03:13:03 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8181



FYI...

BIND 9.x security patch
- http://isc.sans.org/diary.html?storyid=5641
Last Updated: 2009-01-08 02:00:56 UTC - ""The Internet Systems Consortium  http://www.isc.org  has released an update for all supported BIND 9.x versions today (2009-Jan-07) containing a security patch to address a potential DNS poisoning vector. *NOTE*  This patch release does not appear to be an emergency situation requiring immediate updates for all... Patch deployment would appear most critical among recursive name resolvers. The flaw affects all actively developed and supported versions prior to and resolved with today's release of BIND 9.3.6-P1, 9.4.3-P1, 9.5.0-P2(-W2), 9.5.1-P1 and 9.6.0-P1... check with your vendor.
From the BIND "RELEASE NOTES" relative to each specific supported version:
"BIND 9.6.0-P1 is a SECURITY patch for BIND 9.6.0. It addresses a bug in which return values from some OpenSSL functions were left unchecked, making it theoretically possible to spoof answers from some signed zones."
ISC BIND Server software Index
https://www.isc.org/downloadables/11 ..."

> https://www.isc.org/node/373
7 January 2009

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0025
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5077

 Exclamation
« Last Edit: September 14, 2012, 07:06:50 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #1 on: July 29, 2009, 02:16:28 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8181



FYI...

BIND Dynamic Update DoS - update
- https://www.isc.org/node/474
CVE: CVE-2009-0696    
CERT: http://www.kb.cert.org/vuls/id/725188    
Posting date: 2009-07-28    
Program Impacted: BIND    
Versions affected: BIND 9 (all versions)
Severity: High    
Exploitable: remotely    
Summary: BIND denial of service (server crash) caused by receipt of a specific remote dynamic update message.
Description:
Urgent: this exploit is public. Please upgrade immediately.

Receipt of a specially-crafted dynamic update message to a zone for which the server is the master may cause BIND 9 servers to exit. Testing indicates that the attack packet has to be formulated against a zone for which that machine is a master. Launching the attack against slave zones does not trigger the assert.
This vulnerability affects all servers that are masters for one or more zones – it is not limited to those that are configured to allow dynamic updates. Access controls will not provide an effective workaround.
dns_db_findrdataset() fails when the prerequisite section of the dynamic update message contains a record of type “ANY” and where at least one RRset for this FQDN exists on the server.
db.c:659: REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed
exiting (due to assertion failure).
Workarounds: None.
(Some sites may have firewalls that can be configured with packet filtering techniques to prevent nsupdate messages from reaching their nameservers.)

Active exploits: An active remote exploit is in wide circulation at this time.
Solution: Upgrade BIND to one of 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1. These versions can be downloaded from:
    http://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz
    http://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz
    http://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz ...

- http://www.us-cert.gov/current/#internet_systems_consortium_bind_9
July 29, 2009

 Exclamation
« Last Edit: July 29, 2009, 23:53:18 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #2 on: November 25, 2009, 05:27:43 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8181



FYI...

ISC BIND DNSSEC Cache Poisoning vuln - update available
- http://secunia.com/advisories/37426/2/
Release Date: 2009-11-25
Impact: Spoofing
Where: From remote
Solution Status: Vendor Patch
Software: ISC BIND 9.4.x, ISC BIND 9.5.x, ISC BIND 9.6.x ...
Solution: Update to version 9.4.3-P4, 9.5.2-P1, or 9.6.1-P2.
https://www.isc.org/downloadables/11
Original Advisory:
https://www.isc.org/node/504
CVE reference:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4022
Last revised: 11/27/2009

- http://atlas.arbor.net/briefs/index#1385906170

 Exclamation
« Last Edit: December 05, 2009, 04:10:53 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #3 on: December 15, 2009, 07:14:40 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8181



FYI...

BIND name server updates - DNSSEC
- http://isc.sans.org/diary.html?storyid=7750
Last Updated: 2009-12-15 13:47:50 UTC - "Over the first half of 2010, ICANN/IANA plan to sign the root zone [1]. The DNSSEC signature will use SHA256 hashes, which are not supported in older but common versions of BIND. If you run BIND 9.6.0 or 9.6.0P1, you may have issues with these signatures. The bug was fixed in BIND 9.6.1.
From the ISC.org mailing list:
"ISC has arranged for two test zones to be made available which are signed using the new algorithms which are listed in dlv.isc.org.
You can test whether you can successfully resolve these zones using the following queries.
dig rsasha256.island.dlvtest.dns-oarc.net soa
dig rsasha512.island.dlvtest.dns-oarc.net soa

[1] http://www.icann.org/en/announcements/announcement-2-09oct08-en.htm
[2] https://www.isc.org/software/bind/dnssec "

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #4 on: January 20, 2010, 02:00:55 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8181



FYI...

BIND v9.6.1-P3 released
- http://isc.sans.org/diary.html?storyid=8029
Last Updated: 2010-01-20 03:24:17 UTC - "Internet Systems Consortium (ISC) announced the release of the BIND 9.6.1-P3 security patch to address two cache poisoning vulnerabilities, "both of which could allow a validating recursive nameserver to cache data which had not been authenticated or was invalid."
- https://www.isc.org/advisories/CVE-2010-0097
- https://www.isc.org/advisories/CVE-2009-4022v6
Download:
- https://www.isc.org/downloadables/11 ..."

- http://secunia.com/advisories/38219/2/
Release Date: 2010-01-20
Impact: Spoofing
Where: From remote
Solution Status: Vendor Patch
Software: ISC BIND 9.4.x, ISC BIND 9.5.x, ISC BIND 9.6.x
US-CERT VU#360341: http://www.kb.cert.org/vuls/id/360341

 Exclamation
« Last Edit: January 20, 2010, 02:33:44 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #5 on: March 02, 2010, 09:21:51 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8181



FYI...

BIND v9.6.2 released
- http://isc.org/files/release-notes/962.html#RELEASE
28 Feb 2010

- http://isc.org/files/release-notes/962.html#DOWNLOADS

Windows Download
- http://isc.org/software/bind/962/download/bind962zip

- http://isc.sans.org/diary.html?storyid=8335
Last Updated: 2010-03-02 13:19:13 UTC

 Exclamation Exclamation
« Last Edit: March 02, 2010, 09:23:22 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #6 on: December 02, 2010, 02:46:37 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8181



FYI...

BIND vulns/updates released

Security Advisories
- http://www.isc.org/advisories/bind

- http://secunia.com/advisories/42374/
Release Date: 2010-12-02
Software: ISC BIND 9.6.x, ISC BIND 9.7.x
Original Advisory:
https://www.isc.org/software/bind/advisories/cve-2010-3613

- http://secunia.com/advisories/42435/
Release Date: 2010-12-02
Software: ISC BIND 9.4.x, ISC BIND 9.6.x, ISC BIND 9.7.x
Original Advisory:
https://www.isc.org/software/bind/advisories/cve-2010-3614

- http://secunia.com/advisories/42458/
Release Date: 2010-12-02
Software: ISC BIND 9.7.x
Original Advisory:
https://www.isc.org/software/bind/advisories/cve-2010-3615

- http://www.us-cert.gov/current/#internet_systems_consortium_bind_vulnerabilities
December 2, 2010

- http://www.securitytracker.com/id?1024817
Dec 2 2010

 Exclamation
« Last Edit: December 03, 2010, 04:55:43 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #7 on: February 23, 2011, 12:37:45 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8181




FYI...

BIND DoS vuln advisory - v9.7.1-9.7.2-P3
- http://www.isc.org/software/bind/advisories/cve-2011-0414
22 Feb 2011
Versions affected: 9.7.1-9.7.2-P3
Severity: High
Exploitable: remotely
"... upgrade to BIND 9.7.3.... If you run BIND 9.6.x, 9.6-ESV-Rx, or 9.4-ESV-R4, you do not need to upgrade. BIND 9.5 is End of Life and is not supported by ISC. BIND 9.8 is -not- vulnerable..."

- http://www.isc.org/software/bind

- http://www.securitytracker.com/id/1025110
Feb 23 2011

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0414
Last revised: 02/23/2011

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #8 on: May 06, 2011, 02:50:06 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8181



FYI...

BIND - DoS vuln - update available
- http://secunia.com/advisories/44416/
Release Date: 2011-05-06
Criticality level: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: ISC BIND 9.8.x
CVE Reference: CVE-2011-1907   
Solution: Update to version 9.8.0-P1 or higher.
Original Advisory: https://www.isc.org/CVE-2011-1907

- http://www.securitytracker.com/id/1025503
May 6 2011

 Exclamation Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #9 on: May 27, 2011, 06:21:41 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8181



FYI...

ISC BIND vuln...
- http://secunia.com/advisories/44719/
Release Date: 2011-05-27
Criticality level: Moderately critical
Impact: DoS
Where: From remote
Software: ISC BIND 9.4.x, 9.6.x, 9.7.x, 9.8.x
CVE Reference: CVE-2011-1910
Solution: Update to version 9.4-ESV-R4-P1 as soon as available or versions 9.6-ESV-R4-P1, 9.7.3-P1, and 9.8.0-P2.
Original Advisory: https://www.isc.org/software/bind/advisories/cve-2011-1910

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #10 on: July 05, 2011, 08:21:00 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8181



FYI...

ISC BIND - DoS vulns/updates
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2464
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2465

- http://secunia.com/advisories/45082/
Release Date: 2011-07-05
Criticality level: Moderately critical
Impact: DoS
Where: From remote ...
Software: ISC BIND 9.6.x, ISC BIND 9.7.x
Solution: Update to versions 9.6-ESV-R4-P3, 9.7.3-P3.
Original Advisory: http://www.isc.org/software/bind/advisories/cve-2011-2464
Severity: High
- http://secunia.com/advisories/45185/
Release Date: 2011-07-05
Criticality level: Moderately critical
Impact: DoS
Where: From remote ...
Software: ISC BIND 9.8.x
Solution: Update to version 9.8.0-P4.
Original Advisory: http://www.isc.org/software/bind/advisories/cve-2011-2465
Severity: High
- http://www.securitytracker.com/id/1025743
- http://www.securitytracker.com/id/1025742
Jul 5 2011
___

IBM AIX BIND - DNSSEC
- http://aix.software.ibm.com/aix/efixes/security/bind9_advisory2.asc
Jul 15 2011
CVE Numbers:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3613
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3614

 Exclamation
« Last Edit: July 18, 2011, 14:35:45 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #11 on: November 17, 2011, 05:44:44 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8181



FYI...

BIND 9 updates released

- https://www.isc.org/software/bind/advisories/cve-2011-4313
5 December update... "... Workarounds:
The best solution is to upgrade. Upgrade BIND to one of the following patched versions: BIND 9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1, 9.4-ESV-R5-P1
5 December Update: For customers who are unable to migrate immediately to a patched version of BIND, there is now a mitigation strategy available.  ISC continues to strongly recommend installing a patched version as the safest course of action, but if circumstances prevent you from doing so you can still reduce or eliminate your exposure to the CVE-2011-4313 vulnerability with a configuration option addition to named.conf.
Please see this Supplemental page* in our KnowledgeBase for full details of this workaround and other operational considerations...
* https://deepthought.isc.org/article/AA-00549
Last Updated: 2011-12-05
• Authoritative-only servers are -not- vulnerable. Only servers acting in a recursive / resolving capacity are affected.
• Recursive servers are vulnerable if they query zones which you do not directly control (for example, if they query zones on the internet.)
• Resolving queries through a forwarder does not prevent exposure to this vulnerability.
• You are potentially vulnerable if you resolve queries for data provided by a third party.  Examples could include addresses in email, html links in web pages, or queries submitted by users..."

* https://www.isc.org/software/bind/advisories/cve-2011-4313
16 November 2011 - "... reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))" Multiple versions were reported being affected, including all currently supported release versions of ISC BIND 9...
CVE: CVE-2011-4313
Versions affected: All currently supported versions of BIND, 9.4-ESV, 9.6-ESV, 9.7.x, 9.8.x
Severity: Serious
Exploitable: Remotely ...
Workarounds: No workarounds are known. The solution is to upgrade. Upgrade BIND to one of the following patched versions: BIND 9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1, 9.4-ESV-R5-P1
Active exploits: Under investigation
Solution: Patches mitigating the issue are available at:
https://www.isc.org/software/bind/981-p1
https://www.isc.org/software/bind/974-p1
https://www.isc.org/software/bind/96-esv-r5-p1
https://www.isc.org/software/bind/94-esv-r5-p1 ...

- https://secunia.com/advisories/46887/
Last Update: 2011-11-17
Criticality level: Highly critical
Impact: DoS
Where: From remote
... vulnerability is reported in versions 9.4-ESV, 9.6-ESV, 9.7.x, 9.8.x.
Solution: Update to a fixed version or apply patch (please see the vendor's advisory* for details)....

- http://www.securitytracker.com/id/1026335
CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4313
Date: Nov 17 2011
Impact: Denial of service via network
Fix Available: Yes Vendor Confirmed: Yes  
Version(s): 9.4-ESV, 9.6-ESV, 9.7.x, 9.8.x ...

- https://isc.sans.edu/diary.html?storyid=12049
Last Updated: 2011-11-17 12:58:47 UTC

- http://h-online.com/-1380518
17 November 2011 - "... Update: Patches for Red Hat Enterprise Linux have been released; the advisories RHSA-2011:1458 and RHSA-2011:1459 contain further details."
- http://rhn.redhat.com/errata/RHSA-2011-1458.html
- http://rhn.redhat.com/errata/RHSA-2011-1459.html

- http://www.theregister.co.uk/2011/11/16/bind_in_a_bind_again/
16th November 2011 22:17 GMT - "... apparently being exploited to attack networks, with multiple members of the BIND users email list from Germany, France and the US reporting simultaneous crashes across multiple servers..."

 Exclamation Exclamation
« Last Edit: December 05, 2011, 20:00:43 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #12 on: November 27, 2011, 12:52:01 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8181



FYI...

Oracle Solaris ISC-BIND vuln
- https://secunia.com/advisories/46984/
Release Date: 2011-11-24
Criticality level: Highly critical
Impact: DoS
Where: From remote
Operating System: Sun Solaris 10.x, 8, 9
CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4313
CVSS v2 Base Score: 5.0 (MEDIUM)
Last revised: 12/01/2011
Solution: Apply patches.
Original Advisory: http://blogs.oracle.com/sunsecurity/entry/cve_2011_4313_denial_of
Nov 29, 2011

Others: http://blogs.oracle.com/sunsecurity/
___

- https://www.isc.org/software/bind/advisories/cve-2011-4313
CVE: CVE-2011-4313
16 Nov 2011

 Exclamation
« Last Edit: December 01, 2011, 07:38:41 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #13 on: July 26, 2012, 12:55:36 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8181



FYI...

BIND TCP Memory Leak ...
- http://www.securitytracker.com/id/1027297
CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3868 - 4.3
Jul 25 2012
Version(s): 9.9.0 through 9.9.1-P1
Description: A vulnerability was reported in BIND. A remote user can cause denial of service conditions...
Impact: A remote user can cause performance degradation on the target system.
Solution: The vendor has issued a fix (9.9.1-P2).
The vendor's advisory is available at: https://kb.isc.org/article/AA-00730
Severity: High

BIND DNSSEC Validation Cache Failure ...
- http://www.securitytracker.com/id/1027296
CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3817 - 7.8 (HIGH)
Jul 25 2012
Version(s): 9.6-ESV-R1 through 9.6-ESV-R7-P1; 9.7.1 through 9.7.6-P1; 9.8.0 through 9.8.3-P1; 9.9.0 through 9.9.1-P1
Description: A vulnerability was reported in BIND. A remote user can cause denial of service conditions...
Impact: A remote user can cause the target system to crash.
Solution: The vendor has issued a fix (9.9.1-P2, 9.8.3-P2, 9.7.6-P2, 9.6-ESV-R7-P2).
The vendor's advisory is available at: https://kb.isc.org/article/AA-00729
Severity: Critical

 Exclamation Exclamation
« Last Edit: September 14, 2012, 07:05:55 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #14 on: September 14, 2012, 07:09:26 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8181



FYI...

ISC BIND DoS vuln - update available
- http://www.securitytracker.com/id/1027529
Sep 13 2012
CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4244 - 7.8 (HIGH)
Impact: Denial of service via network
Solution: The vendor has issued a fix (9.7.6-P3, 9.7.7, 9.6-ESV-R7-P3, 9.6-ESV-R8, 9.8.3-P3, 9.8.4, 9.9.1-P3, 9.9.2).
Description: ... A remote user can cause denial of service conditions.
The vendor's advisory is available at:
https://kb.isc.org/article/AA-00778/74
Severity: Critical

- https://secunia.com/advisories/50610/
Release Date: 2012-09-13
Criticality level: Moderately critical
Impact: DoS
Where: From remote...
___

- https://www.isc.org/software/bind/security/matrix

 Exclamation
« Last Edit: September 14, 2012, 07:42:01 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
 
Pages: [1] 2   Go Up
  Print  
 
Jump to:  

Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Page created in 0.792 seconds with 20 queries.