CERT Advisory: DoS Vulnerability in ISC BIND 9

BIND flaw opens doors for DDoS DNS shutdown

June 4, 2002 - Internet Software Consortium's (ISC) Berkeley Internet Name Domain (BIND) server, version 9 before 9.2.1, is affected by a Denial of Service (DoS) vulnerability that gives attackers the opportunity to shut down the Domain Name Service (DNS) server.

The DDoS DNS shutdown is triggered by a specific DNS packet that triggers an internal consistency check. If the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, the code pops abort(), shutting down the DNS server.

If this BIND 9 flaw is exploited, the DNS server shuts down and will not be available unless restarted. The consistency check can even be triggered by simple queries from SMTP servers. ISC BIND versions 4 and 8 are not affected. The vulnerability does not allow attackers to write or execute arbitrary code in any memory locations because the error is properly detected. The only problem is that the correctly detected error condition is improperly handled.

To protect the DNS servers from DDoS attacks exploiting the BIND vulnerability, upgrading the server to version 9.2.1 is advised. If upgrading to BIND 9.2.1 is not an option, applying a patch from vendors will work. All BIND 9 prior to 9.2.1 version users are strongly advised to fix the DNS server vulnerability as fast as possible.

Source: CERT

About Secure64 Software Corporation
Secure64® is a software developer providing highly secure DNS and server applications with built-in denial-of-service protection features to help ensure your Internet-dependent business is always accessible. Based on the genuinely secure SourceT® microOS, Secure64 DNS remains highly available during network attacks and is immune to compromise from rootkits and malware.