===========================================================================
AUSCERT Security Bulletin

ASB-2011.0102
New vulnerability found and patched in BIND
17 November 2011
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              BIND
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Denial of Service -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2011-4313
Member content until: Saturday, December 17 2011
Reference:            ESB-2011.1155

Comment: This vulnerability is being actively exploited. Vendors will
         likely be releasing patches shortly; Debian has already released
         a patch (see ESB-2011.1155).

OVERVIEW

        A denial of service vulnerability has been identified in all
        current versions of BIND 9. [1]

IMPACT

        Various organisations have reported to ISC that their BIND 9
        servers have been crashing after performing recursive queries.

        ISC has stated that BIND caches an invalid record, and that
        subsequent queries for that record trigger the crash. [1]

MITIGATION

        ISC has released patches that mitigate this issue. The patches
        stop the inconsistent data from being returned from the cache and
        also detect and prevent a crash if the inconsistent data is
        found. [1]

        The patched versions of BIND are:

        - BIND 9.8.1-p1
        - BIND 9.7.4-p1
        - BIND 9.6-ESV-R5-p1
        - BIND 9.4-ESV-R5-p1

REFERENCES

        [1] BIND 9 Resolver crashes after logging an error in query.c
            https://www.isc.org/software/bind/advisories/cve-2011-4313

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation.
The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies
and procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
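
An added example, not part of the AusCERT bulletin or of ISC's code: a Python check that classifies an upstream BIND version string against the patched releases listed under MITIGATION. It assumes that later releases on a listed branch also carry the fix; the function names are hypothetical.

```python
import re

# Patched releases, copied from the bulletin's MITIGATION list.
PATCHED = ("9.8.1-p1", "9.7.4-p1", "9.6-ESV-R5-p1", "9.4-ESV-R5-p1")

# Upstream ISC release strings only: 9.8.1, 9.8.1-P1, 9.6-ESV, 9.6-ESV-R5-P1.
_STANDARD = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?$", re.IGNORECASE)
_ESV = re.compile(r"^(\d+)\.(\d+)-ESV(?:-R(\d+))?(?:-P(\d+))?$", re.IGNORECASE)


def parse(version):
    """Return (branch, rank) for an upstream version string, or None."""
    text = version.strip()
    if text.upper().startswith("BIND "):  # tolerate a `named -v` style prefix
        text = text[5:].strip()
    m = _STANDARD.match(text)
    if m:
        major, minor, patch, p = m.groups()
        return (int(major), int(minor), "std"), (int(patch), int(p or 0))
    m = _ESV.match(text)
    if m:
        major, minor, r, p = m.groups()
        return (int(major), int(minor), "esv"), (int(r or 0), int(p or 0))
    return None


# First fixed rank per branch, derived from the bulletin's list.
FIXED = dict(parse(v) for v in PATCHED)


def status(version):
    """Classify a version string against the bulletin's patched releases."""
    parsed = parse(version)
    if parsed is None:
        return "unrecognised"        # beta/rc or vendor-suffixed string
    branch, rank = parsed
    if branch not in FIXED:
        return "branch-not-listed"   # bulletin names no fix for this branch
    # Assumption: releases at or after the listed one include the fix.
    return "patched" if rank >= FIXED[branch] else "vulnerable"
```

Distribution packages can backport the fix without changing the upstream version number, so confirm vendor builds against the vendor's own advisory (for Debian, ESB-2011.1155).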