BIND Vulnerabilities

BIND Vulnerabilities

ISC has discovered or has been notified of several bugs which can result in vulnerabilities of varying levels of severity in BIND as distributed by ISC. Upgrading to the latest BIND version is strongly recommended.
Name: "BIND: Multiple DoS vulnerabilities
[Added 2006.09.06]
Versions affected: All previous releases of BIND 9.3.x and 9.4.x. See note regarding BIND 9.2.x
Severity: HIGH
Exploitable: Remotely
Type: Denial of Service
Description:

SIG Query Processing (CVE-2006-4095):

Recursive servers:

Queries for SIG records will trigger a assertion failure if more than one SIG (covered) RRset is returned.

Exposure can be minimized by restricting sources that can ask for recursion.

Authoritative servers:

If a nameserver is serving a RFC 2535 DNSSEC zone and is queried for the SIG records where the are multiple SIG(covered) RRsets (e.g. a zone apex) then named will trigger a assertion failure when it trys to construct the response.

Excessive Recursive Queries INSIST failure (CVE-2006-4096):

It is possible to trigger a INSIST failure by sending enough recursive queries that the response to the query arrives after all the clients looking for the response have left the recursion queue.

Exposure can be minimized by restricting sources that canask for recursion.

Note for BIND 9.2.x: Code handling this path for 9.2.x has been determined to be wrong, though ISC has not been able to detect an execution path that would trigger the erroneous code in 9.2.x. Nonetheless a patch is provided.

Workarounds:

None

Active Exploits:

None known

Fix:

Upgrade to BIND 9.4.0b2, BIND 9.3.3rc2, BIND 9.3.2-P1, BIND 9.2.7rc1 or BIND 9.2.6-P1 (or later).
http://www.isc.org/sw/bind/

ISC would like to thank The Measurement Factory for bringing this to our attention.