CVE-2005-0034
CVSS4.3
发布时间 :2005-05-02 00:00:00
修订时间 :2008-09-05 00:00:00
NMCOPS    

[原文]An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail.


[CNNVD]BIND validator 远程拒绝服务漏洞(CNNVD-200505-621)

        BIND是一个应用非常广泛的DNS协议的实现,由ISC(Internet Software Consortium)负责维护,具体的开发由Nominum(www.nominum.com)公司来完成。

- CVSS (基础分值)

CVSS分值: 4.3 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0034
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0034
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-621
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/938617
(PATCH)  CERT-VN  VU#938617
http://xforce.iss.net/xforce/xfdb/19062
(PATCH)  XF  bind-named-dns-dos(19062)
http://www.uniras.gov.uk/niscc/docs/al-20050125-00060.html
(PATCH)  MISC  http://www.uniras.gov.uk/niscc/docs/al-20050125-00060.html
http://www.isc.org/index.pl?/sw/bind/bind-security.php
(PATCH)  CONFIRM  http://www.isc.org/index.pl?/sw/bind/bind-security.php
http://www.trustix.org/errata/2005/0003/
(UNKNOWN)  TRUSTIX  2005-0003
http://www.securityfocus.com/bid/12365
(UNKNOWN)  BID  12365
http://www.isc.org/index.pl?/sw/bind/bind9.php
(UNKNOWN)  CONFIRM  http://www.isc.org/index.pl?/sw/bind/bind9.php
http://securitytracker.com/id?1012995
(UNKNOWN)  SECTRACK  1012995
http://secunia.com/advisories/14008
(UNKNOWN)  SECUNIA  14008

- 漏洞信息

BIND validator 远程拒绝服务漏洞
中危 其他
2005-05-02 00:00:00 2005-10-20 00:00:00
远程  
        BIND是一个应用非常广泛的DNS协议的实现,由ISC(Internet Software Consortium)负责维护,具体的开发由Nominum(www.nominum.com)公司来完成。

- 公告与补丁

        暂无数据

- 漏洞信息 (F38141)

FreeBSD-SA-05-12.bind9.txt (PacketStormID:F38141)
2005-06-21 00:00:00
 
advisory
freebsd
CVE-2005-0034
[点击下载]

FreeBSD Security Advisory FreeBSD-SA-05:12 - A DNSSEC-related validator function in BIND 9.3.0 contains an inappropriate internal consistency test. When this test is triggered, named(8) will exit.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-05:12.bind9                                      Security Advisory
                                                          The FreeBSD Project

Topic:          BIND 9 DNSSEC remote denial of service vulnerability

Category:       core
Module:         bind9
Announced:      2005-06-09
Credits:        Internet Systems Consortium
Affects:        FreeBSD 5.3
Corrected:      2005-03-23 18:16:29 UTC (RELENG_5, 5.3-STABLE)
                2005-06-08 21:29:15 UTC (RELENG_5_3, 5.3-RELEASE-p16)
CVE Name:       CAN-2005-0034

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
<URL:http://www.freebsd.org/security/>.

I.   Background

BIND 9 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is the Internet domain name server.  DNS Security
Extensions (DNSSEC) are additional protocol options that add
authentication and integrity to the DNS protocols.

DNSSEC is not enabled by default in any FreeBSD release.  A system
administrator must take special action to enable DNSSEC.

II.  Problem Description

A DNSSEC-related validator function in BIND 9.3.0 contains an
inappropriate internal consistency test.  When this test is triggered,
named(8) will exit.

III. Impact

On systems with DNSSEC enabled, a remote attacker may be able to inject
a specially crafted packet that will cause the internal consistency test
to trigger, and named(8) to terminate.  As a result, the name server
will no longer be available to service requests.

IV.  Workaround

DNSSEC is not enabled by default, and the "dnssec-enable" directive is
not normally present.  If DNSSEC has been enabled, disable it by
changing the "dnssec-enable" directive to "dnssec-enable no;" in the
named.conf(5) configuration file.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_3
security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 5.3
systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:12/bind9.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:12/bind9.patch.asc

b) Execute the following commands as root:

# cd /usr/src/
# patch < /path/to/patch
# cd /usr/src/lib/bind
# make obj && make depend && make && make install
# cd /usr/src/usr.sbin/named
# make obj && make depend && make && make install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                                           Revision
  Path
- -------------------------------------------------------------------------
RELENG_5
  src/contrib/bind9/lib/dns/validator.c                       1.1.1.1.2.2
RELENG_5_3
  src/UPDATING                                            1.342.2.13.2.19
  src/sys/conf/newvers.sh                                  1.62.2.15.2.21
  src/contrib/bind9/lib/dns/validator.c                   1.1.1.1.2.1.2.1
- -------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0034
http://www.kb.cert.org/vuls/id/938617
http://www.isc.org/index.pl?/sw/bind/bind-security.php
http://www.isc.org/index.pl?/sw/bind/bind9.php

The latest revision of this advisory is available at
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:12.bind9.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)

iD8DBQFCqBbfFdaIBMps37IRAiphAKCG8CX6eNFMNQYhahAER4gFVFc54wCfRZye
2C6LIcrq47xn5SRRV3T9ZL4=
=gFcD
-----END PGP SIGNATURE-----
    

- 漏洞信息

13175
ISC BIND dnssec authvalidated Crafted Packet Remote DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Unknown

- 漏洞描述

BIND contains a flaw that may allow a remote denial of service. The issue is triggered by an error within the authvalidated() function, and will result in loss of availability for the service.

- 时间线

2005-01-25 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 9.3.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

BIND Validator Self Checking Remote Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 12365
Yes No
2005-01-26 12:00:00 2009-07-12 10:06:00
Joao Damas of the Internet Systems Consortium is credited with the disclosure of this issue.

- 受影响的程序版本

Trustix Secure Linux 2.2
Trustix Secure Linux 2.1
Trustix Secure Linux 1.5
Trustix Secure Enterprise Linux 2.0
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
ISC BIND 9.3
FreeBSD FreeBSD 5.3 -STABLE
FreeBSD FreeBSD 5.3 -RELENG
FreeBSD FreeBSD 5.3 -RELEASE
FreeBSD FreeBSD 5.3
FreeBSD FreeBSD 5.0 -RELENG
ISC BIND 9.3.1

- 不受影响的程序版本

ISC BIND 9.3.1

- 漏洞讨论

A remote denial of service vulnerability affects BIND. This issue is due to a failure of the application to handle exceptional network data.

It should be noted that this issue requires that DNSSEC validation is enabled, which is not the case by default.

A remote attacker may leverage this issue to cause the affected server to crash, denying service to legitimate users.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

The vendor has released an upgrade dealing with this issue.

Mandrake Linux have released an advisory (MDKSA-2005:023) and fixes to address this vulnerability. Customers are advised to read the referenced advisory for further information in regards to obtaining and applying appropriate updates.

Trustix has released advisory TSLSA-2005-0003 to address various issues in multiple products. Please see the referenced advisory for more information.

FreeBSD has released advisory FreeBSD-SA-05:12.bind9, along with a patch to address this issue. Please see the referenced advisory for further information.


FreeBSD FreeBSD 5.3 -RELEASE

FreeBSD FreeBSD 5.3 -RELENG

FreeBSD FreeBSD 5.3

FreeBSD FreeBSD 5.3 -STABLE

ISC BIND 9.3

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站