| VID |
19012 |
| Severity |
30 |
| Port |
53 |
| Protocol |
TCP,UDP |
| Class |
DNS |
| Detailed Description |
The BIND daemon, according to its version number, is vulnerable to the negative cache poison bug that may allow an attacker to disable this service remotely. ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3 are vulnerable to cache poisoning via negative responses. An attacker may arrange for malicious DNS messages to be delivered to a target name server, and cause that name server to cache a negative response for some target domain name. The name server would thereafter respond negatively to legitimate queries for that domain name, resulting in a denial-of-service for applications that require DNS.
* Note: This check solely relied on the version number of the remote BIND Server to assess this vulnerability, so this might be a false positive.
* References:
http://www.kb.cert.org/vuls/id/734644
http://www.isc.org/products/BIND/bind8.html
http://marc.theaimsgroup.com/?l=bind-announce&m=106988846219834&w=2
http://marc.theaimsgroup.com/?l=bind-announce&m=106988846919846&w=2
http://secunia.com/advisories/10300/
* Platforms Affected:
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3
HP-UX B.11.00 and B.11.11
Solaris 7, 8 and 9
FreeBSD
IBM AIX
Linux Any version
UNIX Any version |
| Recommendation |
Apply a patch or updated version from your vendor. The ISC has prepared BIND 8.3.7 and BIND 8.4.3 to address this vulnerability. Name servers running BIND 4 are not affected. To obtain the latest versions of BIND, please visit http://www.isc.org/products/BIND/
For HP-UX:
Apply the appropriate patch for your system, as listed in Hewlett-Packard Security Bulletin HPSBUX0311-303 at http://www.kb.cert.org/vuls/id/JPLA-5SJT2P
For Sun Solaris 7, 8 and 9:
Apply the appropriate patch for your system, as listed in SunSolve Web site at
http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/57434
For IBM AIX:
Apply the appropriate patch for your system, as listed in the IBM AIX APAR document at http://www.kb.cert.org/vuls/id/JPLA-5SJT2Y
For FreeBSD:
Apply the patch dated 2003-11-28, as listed in FreeBSD, Inc. Security Advisory FreeBSD-SA-03:19.bind at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:19.bind.asc
For other distributions:
Contact your vendor for upgrade or patch information. Or see the CERT Vulnerability Note VU#734644 at http://www.kb.cert.org/vuls/id/734644 |
| Related URL |
CVE-2003-0914 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
