-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2011.0072
         A number of vulnerabilities have been identified in BIND
                             1 September 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              BIND
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Denial of Service -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2011-1910  
Member content until: Saturday, October  1 2011
Reference:            ASB-2011.0061

OVERVIEW

        A number of vulnerabilities have been identified in BIND prior to 
        version 9.8.1.


IMPACT

        The vendor has provided the following details regarding these
        vulnerabilities:
        
        "If named is configured with a response policy zone (RPZ) and a query 
        of type RRSIG is received for a name configured for RRset replacement 
        in that RPZ, it will trigger an INSIST and crash the server. RRSIG. 
        [RT #24280]" [1]
        
        "named, set up to be a caching resolver, is vulnerable to a user 
        querying a domain with very large resource record sets (RRSets) when 
        trying to negatively cache the response. Due to an off-by-one error, 
        caching the response could cause named to crash. [RT #24650] 
        [CVE-2011-1910]" [1]
        
        "Using Response Policy Zone (RPZ) to query a wildcard CNAME label with 
        QUERY type SIG/RRSIG, it can cause named to crash. Fix is query type 
        independant. [RT #24715]" [1]
        
        "Using Response Policy Zone (RPZ) with DNAME records and querying the 
        subdomain of that label can cause named to crash. Now logs that DNAME 
        is not supported. [RT #24766]" [1]
        
        "Change #2912 populated the message section in replies to UPDATE 
        requests, which some Windows clients wanted. This exposed a latent bug 
        that allowed the response message to crash named. With this fix, change 
        2912 has been reduced to copy only the zone section to the reply. A 
        more complete fix for the latent bug will be released later. 
        [RT #24777]" [1]


MITIGATION

        The vendor recommends upgrading to the latest version of BIND to 
        correct these issues. [1]


REFERENCES

        [1] BIND 9.8.1 is the current production release of BIND 9.8.
            ftp://ftp.isc.org/isc/bind9/9.8.1/RELEASE-NOTES-BIND-9.8.1.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBTl7riu4yVqjM2NGpAQI5KBAAvosjIqI9UQ5uRxFbLWi8Q77wRJAdqcyi
f4r87A4Pkr0HwabugNNuN9NjZO4xLMubPz7rZLPJ5MTjhU5me6ArXr6nrfmneWEX
76SgxJhS9OuPJFHt8t0iyYPUQtfrNwmTK6hHI149ZxAh33+dQwmojpKcdp+wRgPi
moegWAzjgFPJa31xid8dc+KYuoXNPocnj+JK51T9JG5TLWOqx6ALhOEj5NJrla8U
FIqYHiLhnLedK7d6UN9pOjksnItVJzjABdtGBNCieEy32mFxJXRaUJg5rO1PQoQc
5j5uOfogfyyEAWEgd5D+r717wRomWpBhYC6mkxleFsrnnZubYJiqCGMOf6t1szrl
kD0NpeWHIY4ZXtcFrLZUrby1kJblYML96e1SSb7GBH8FQI+iTPPc9dJYGmcYgh2y
2Z+71fhXkVk4zjHj/ZufkkWwtjBrx3mxsPm8EOXKEF7XP//6sjDh5HuZlkegVHu7
r2ef+PXqBXQyT4mMz8UIV0hKV1sbuV5DGGEOJGGFtyGt3J8U5bw8Cnge8XANNNu9
MzEVTyXWHSV0FX3QVBvHWDwbFC9vY7ztVkTzZsUfXKj0DxAmjWi7mCE3A2lQfXpl
owYivoaDMaQvoPQTakz+/GZp+X4ulSZsvg5ObCcJ7DYrBR6mYOCI5YrMZ03ibqoc
M469addIH7o=
=mj2i
-----END PGP SIGNATURE-----