Denial of Service : ISC BIND DoS Vulnerability (CVE-2011-1907)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.117778

Kategorie: Denial of Service

Titel: ISC BIND DoS Vulnerability (CVE-2011-1907)

Zusammenfassung: ISC BIND is prone to a denial of service (DoS) vulnerability.

Beschreibung: Summary:
ISC BIND is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
BIND 9.8.0 introduced Response Policy Zones (RPZ), a mechanism
for modifying DNS responses returned by a recursive server according to a set of rules which are
either defined locally or imported from a reputation provider. In typical configurations, RPZ is
used to force NXDOMAIN responses for untrusted names. It can also be used for RRset replacement,
i.e., returning a positive answer defined by the response policy.

Vulnerability Impact:
When RPZ is being used, a query of type RRSIG for a name
configured for RRset replacement will trigger an assertion failure and cause the name server
process to exit.

Affected Software/OS:
ISC BIND version 9.8.0 only.

Note: Only BIND installations which are using the RPZ feature configured for RRset replacement are
affected.

Solution:
Update to version 9.8.0-P1 or later.

As a workaround use RPZ only for forcing NXDOMAIN responses and not for RRset replacement.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-1907
BugTraq ID: 47734
http://www.securityfocus.com/bid/47734
Bugtraq: 20110506 Security Advisory: DNS BIND Security Advisory: RRSIG Queries Can Trigger Server Crash When Using Response Policy Zones (Google Search)
http://www.securityfocus.com/archive/1/517900/100/0/threaded
http://www.securitytracker.com/id?1025503
http://secunia.com/advisories/44416
http://www.vupen.com/english/advisories/2011/1183
XForce ISS Database: iscbind-rrsig-dos(67297)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67297

Copyright Copyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.117778
Kategorie:	Denial of Service
Titel:	ISC BIND DoS Vulnerability (CVE-2011-1907)
Zusammenfassung:	ISC BIND is prone to a denial of service (DoS) vulnerability.
Beschreibung:	Summary: ISC BIND is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: BIND 9.8.0 introduced Response Policy Zones (RPZ), a mechanism for modifying DNS responses returned by a recursive server according to a set of rules which are either defined locally or imported from a reputation provider. In typical configurations, RPZ is used to force NXDOMAIN responses for untrusted names. It can also be used for RRset replacement, i.e., returning a positive answer defined by the response policy. Vulnerability Impact: When RPZ is being used, a query of type RRSIG for a name configured for RRset replacement will trigger an assertion failure and cause the name server process to exit. Affected Software/OS: ISC BIND version 9.8.0 only. Note: Only BIND installations which are using the RPZ feature configured for RRset replacement are affected. Solution: Update to version 9.8.0-P1 or later. As a workaround use RPZ only for forcing NXDOMAIN responses and not for RRset replacement. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1907 BugTraq ID: 47734 http://www.securityfocus.com/bid/47734 Bugtraq: 20110506 Security Advisory: DNS BIND Security Advisory: RRSIG Queries Can Trigger Server Crash When Using Response Policy Zones (Google Search) http://www.securityfocus.com/archive/1/517900/100/0/threaded http://www.securitytracker.com/id?1025503 http://secunia.com/advisories/44416 http://www.vupen.com/english/advisories/2011/1183 XForce ISS Database: iscbind-rrsig-dos(67297) https://exchange.xforce.ibmcloud.com/vulnerabilities/67297
Copyright	Copyright (C) 2021 Greenbone Networks GmbH