Knowledge Base ISC Main Website Ask a Question/Contact ISC
CVE-2013-3919: A recursive resolver can be crashed by a query for a malformed zone
Author: Michael McNally Reference Number: AA-00967 Views: 33699 Created: 2013-06-04 21:16 Last Updated: 2013-06-13 10:46 0 Rating/ Voters

A defect exists which allows an attacker to crash a BIND 9 recursive resolver with a RUNTIME_CHECK error in resolver.c

Document Version:          
1.1
Posting date: 
04 Jun 2013
Program Impacted: 
BIND 9

Versions affected: 

BIND 9.6-ESV-R9, 9.8.5, and 9.9.3 are affected

Versions 9.6.0 through 9.6-ESV-R8, 9.8.0 through 9.8.4-P2, and 9.9.0 through 9.9.2-P2 ARE NOT affected.

Other major branches of BIND (e.g. 9.7, 9.5, etc) are not vulnerable but they are no longer supported by ISC and may lack other important security fixes.

Severity: 
High
Exploitable: 
Remotely

Description:

A bug has been discovered in the most recent releases of BIND 9 which has the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal "RUNTIME_CHECK" error in resolver.c

Impact:

Triggering this defect will cause the affected server to exit with an error, denying service to recursive DNS clients that use that particular server.

CVSS Score:  7.8

CVSS Equation:  (AV:N/AC:L/Au:N/C:N/I:N/A:C)

For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=%28AV:N/AC:L/Au:N/C:N/I:N/A:C%29

Workarounds:

None.

Active exploits:

At the time of this advisory no intentional exploitation of this bug has been observed in the wild. However, the existence of the issue has been disclosed on an open mailing list with enough accompanying detail to reverse engineer an attack and ISC is therefore treating this as a Type II (publicly disclosed) vulnerability, in accordance with our Phased Disclosure Process.

Solution: 

New versions of BIND are being provided which contain a fix for the defect. The recommended solution is to upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://ftp.isc.org/isc/bind9

  • BIND 9 version 9.9.3-P1
  • BIND 9 version 9.8.5-P1
  • BIND 9 version 9.6-ESV-R9-P1

Acknowledgements:

Document Revision History:

1.0 Type II Public Disclosure, 04 June, 2013
1.1 Published FAQ and Supplemental Information, 13 June, 2013

Related Documents:

See our BIND Security Matrix for a complete listing of Security Vulnerabilities and versions affected.

This new Knowledge Base article includes additional information and Frequently Asked Questions about this advisory.

If you'd like more information on our product support please visit www.isc.org/support.

Do you still have questions?  Questions regarding this advisory should go to security-officer@isc.org

Note: ISC patches only currently supported versions. When possible we indicate EOL versions affected.

ISC Security Vulnerability Disclosure Policy:  Details of our current security advisory policy and practice can be found here: ISC Software Defect and Security Vulnerability Disclosure Policy

This Knowledge Base article https://kb.isc.org/article/AA-00967 is the complete and official security advisory document.

Legal Disclaimer:
Internet Systems Consortium (ISC) is providing this notice on an "AS IS" basis. No warranty or guarantee of any kind is expressed in this notice and none should be implied. ISC expressly excludes and disclaims any warranties regarding this notice or materials referred to in this notice, including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, absence of hidden defects, or of non-infringement. Your use or reliance on this notice or materials referred to in this notice is at your own risk. ISC may change this notice at any time.  A stand-alone copy or paraphrase of the text of this document that omits the document URL is an uncontrolled copy. Uncontrolled copies may lack important information, be out of date, or contain factual errors.


© 2001-2015 Internet Systems Consortium

Please help us to improve the content of our knowledge base by letting us know below how we can improve this article.

If you have a technical question or problem on which you'd like help, please don't submit it here as article feedback.

For assistance with problems and questions for which you have not been able to find an answer in our Knowledge Base, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.

ISC relies on the financial support of the community to fund the development of its open source software products. If you would like to support future product evolution and maintenance as well having peace of mind knowing that our team of experts are poised to provide you with individual technical assistance whenever you call upon them, then please consider our Professional Subscription Support services - details can be found on our main website.

Feedback
  • There is no feedback for this article
Info Submit Feedback on this Article
Nickname: Your Email: Subject: Comment:
Enter the code below:
Quick Jump Menu