CVE-2002-0400
CVSS 5.0
Published: 2002-06-18 00:00:00
Last revised: 2008-09-10 15:11:55

[Original] ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.


[CNNVD] ISC BIND 9 Remote Denial-of-Service Vulnerability (CNNVD-200206-018)

        
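        BIND is an implementation of the Internet Domain Name System maintained by ISC.
        BIND 9 has a vulnerability in its handling of specially crafted DNS packets that allows a remote attacker to shut down the BIND server.
        An attacker can send a DNS packet designed to trigger an internal consistency check, causing the BIND server to crash. Because the crash is triggered by the program detecting an error condition, rather than by mishandling one, it does not allow the attacker to execute arbitrary commands or write data to arbitrary memory locations.
        The internal consistency check is triggered when the rdataset parameter passed to the dns_message_findtype() function in message.c is not NULL as expected. This condition causes the code to assert an error message and call abort(), shutting down the BIND server.
        This error can also occur unintentionally during ordinary query operations; queries from SMTP servers in particular are likely to trigger the problem.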
        

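- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]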

- CPE (Affected Platforms and Products)

cpe:/a:isc:bind:9.1.2  ISC BIND 9.1.2
cpe:/a:isc:bind:9.1.1  ISC BIND 9.1.1
cpe:/a:isc:bind:9.0  ISC BIND 9.0
cpe:/a:isc:bind:9.2  ISC BIND 9.2
cpe:/a:isc:bind:9.1.3  ISC BIND 9.1.3
cpe:/a:isc:bind:9.1  ISC BIND 9.1

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0400
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0400
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200206-018
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/739123
(VENDOR_ADVISORY)  CERT-VN  VU#739123
http://www.cert.org/advisories/CA-2002-15.html
(VENDOR_ADVISORY)  CERT  CA-2002-15
http://www.securityfocus.com/bid/4936
(UNKNOWN)  BID  4936
http://www.redhat.com/support/errata/RHSA-2003-154.html
(UNKNOWN)  REDHAT  RHSA-2003:154
http://www.redhat.com/support/errata/RHSA-2002-119.html
(UNKNOWN)  REDHAT  RHSA-2002:119
http://www.redhat.com/support/errata/RHSA-2002-105.html
(UNKNOWN)  REDHAT  RHSA-2002:105
http://www.novell.com/linux/security/advisories/2002_21_bind9.html
(UNKNOWN)  SUSE  SuSE-SA:2002:021
http://www.iss.net/security_center/static/9250.php
(VENDOR_ADVISORY)  XF  bind-findtype-dos(9250)
http://www.isc.org/index.pl?/sw/bind/bind-security.php
(UNKNOWN)  CONFIRM  http://www.isc.org/index.pl?/sw/bind/bind-security.php
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038
(UNKNOWN)  MANDRAKE  MDKSA-2002:038
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000494
(UNKNOWN)  CONECTIVA  CLA-2002:494
http://archives.neohapsis.com/archives/hp/2002-q3/0022.html
(UNKNOWN)  HP  HPSBUX0207-202
ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.24.1/CSSA-2002-SCO.24.1.txt
(UNKNOWN)  CALDERA  CSSA-2002-SCO.24

- Vulnerability information

ISC BIND 9 Remote Denial-of-Service Vulnerability
Medium risk  Other
2002-06-18 00:00:00 2006-11-07 00:00:00
Remote
        
        

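- Advisories and patches

        Workaround:
        There is no effective workaround for this vulnerability. Obtain BIND 9.2.1, (currently) the latest version, from the ISC site or your operating system vendor and upgrade as soon as possible.
        Vendor patches:
        Conectiva
        ---------
        Conectiva has released a security advisory (CLA-2002:494) and corresponding patches for this issue:
        CLA-2002:494: bind Denial of Service vulnerability
        Link:
        http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000494

        Patch downloads: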
        ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/bind-9.2.1-1U70_2cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/bind-9.2.1-1U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/bind-chroot-9.2.1-1U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/bind-devel-9.2.1-1U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/bind-devel-static-9.2.1-1U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/bind-doc-9.2.1-1U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/bind-utils-9.2.1-1U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/SRPMS/bind-9.2.1-1U8_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/bind-9.2.1-1U8_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/bind-chroot-9.2.1-1U8_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/bind-devel-9.2.1-1U8_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/bind-devel-static-9.2.1-1U8_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/bind-doc-9.2.1-1U8_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/bind-libs-9.2.1-1U8_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/bind-utils-9.2.1-1U8_1cl.i386.rpm
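        Users of Conectiva Linux version 6.0 and later can use apt to update the RPM packages:
        - Add the following line to the /etc/apt/sources.list file:
        
        rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates
        (If you are not using version 6.0, replace the 6.0 above with the appropriate version number)
        - Run: apt-get update
        - After the update, run: apt-get upgrade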
        ISC
        ---
        ISC has released BIND 9.2.1, which can be downloaded from:
        
        http://www.isc.org/products/BIND/bind9.html

        Status of affected systems:
        Vendor              Status         Date updated
        3Com                Unknown        30-May-2002
        Alcatel             Unknown        30-May-2002
        Apple               Not affected   31-May-2002
        AT&T                Unknown        30-May-2002
        BSDI                Not affected   4-Jun-2002
        Caldera             Affected       31-May-2002
        Cisco               Unknown        30-May-2002
        Compaq Computer     Not affected   4-Jun-2002
        Cray                Not affected   30-May-2002
        Data General        Unknown        30-May-2002
        Debian              Unknown        30-May-2002
        djbdns              Unknown        4-Jun-2002
        Engarde             Not affected   30-May-2002
        F5 Networks         Not affected   30-May-2002
        FreeBSD             Not affected   30-May-2002
        Fujitsu             Unknown        30-May-2002
        Hewlett Packard     Affected       4-Jun-2002
        IBM                 Not affected   4-Jun-2002
        IBM-zSeries         Unknown        30-May-2002
        Intel               Unknown        30-May-2002
        ISC                 Affected       30-May-2002
        Juniper Networks    Unknown        30-May-2002
        Lucent              Unknown        30-May-2002
        MandrakeSoft

- Vulnerability information

14878
ISC BIND rdataset Parameter Malformed DNS Packet DoS
Denial of Service
Loss of Availability

- Vulnerability description

Unknown or Incomplete

- Timeline

2002-06-04 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

ISC BIND 9 Remote Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 4936
Yes No
2002-06-04 12:00:00 2009-07-11 01:56:00
Published in a Red Hat Security Advisory.

- Affected versions

ISC BIND 9.2
+ Conectiva Linux 8.0
+ HP HP-UX 11.11
+ HP HP-UX 11.0
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
ISC BIND 9.1.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i586
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
ISC BIND 9.1.2
+ Conectiva Linux 7.0
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
ISC BIND 9.1.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
ISC BIND 9.1
+ Caldera OpenUnix 8.0
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
ISC BIND 9.0
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0

- Unaffected versions

ISC BIND 9.2.1
+ Caldera OpenUnix 8.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ SCO Unixware 7.1.3

- Discussion

BIND is a server program that implements the domain name service protocol. It is in extremely wide use on the Internet and is used by most DNS servers.

A vulnerability has been reported in some versions of BIND 9. Under some circumstances, the name server named may fail an internal consistency check. As a result, the server will shut down and is no longer available to respond to further DNS requests.

It has been reported that some HP products may ship with vulnerable versions of BIND 9, as does Caldera Open UNIX.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

HP has advised applying the patch described in Red Hat Advisory RHSA-2002:105 to HP Secure OS.

HP has released a revised version of the HPSBUX0207-202 advisory. Please see the referenced advisory for more information.

Updates are available:


ISC BIND 9.0

ISC BIND 9.1

ISC BIND 9.1.1

ISC BIND 9.1.2

ISC BIND 9.1.3

ISC BIND 9.2

- Related references

 

 
