
Test ID: 1.3.6.1.4.1.25623.1.0.117778
Category: Denial of Service
Title: ISC BIND DoS Vulnerability (CVE-2011-1907)
Summary: ISC BIND is prone to a denial of service (DoS) vulnerability.
Description:
Summary:
ISC BIND is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
BIND 9.8.0 introduced Response Policy Zones (RPZ), a mechanism
for modifying DNS responses returned by a recursive server according to a set of rules which are
either defined locally or imported from a reputation provider. In typical configurations, RPZ is
used to force NXDOMAIN responses for untrusted names. It can also be used for RRset replacement,
i.e., returning a positive answer defined by the response policy.

Vulnerability Impact:
When RPZ is being used, a query of type RRSIG for a name
configured for RRset replacement will trigger an assertion failure and cause the name server
process to exit.

Affected Software/OS:
ISC BIND version 9.8.0 only.

Note: Only BIND installations which are using the RPZ feature configured for RRset replacement are
affected.

Solution:
Update to version 9.8.0-P1 or later.

As a workaround, use RPZ only for forcing NXDOMAIN responses and not for RRset replacement.
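One way to check whether an installation meets both conditions above (version 9.8.0 and an RPZ zone that does more than force NXDOMAIN), as an added example that is not part of the original test. It assumes the RPZ convention that `CNAME .` encodes a forced NXDOMAIN, a simplified zone format with one record per line and an explicit owner name, and constructed sample data with hypothetical names.

```python
AFFECTED_VERSION = "9.8.0"  # per the advisory: 9.8.0 only; 9.8.0-P1 is fixed

# Constructed sample RPZ zone (hypothetical names, documentation addresses).
SAMPLE_RPZ = """\
$TTL 300
@                 SOA  localhost. admin.localhost. 1 3600 600 86400 300
@                 NS   localhost.
bad.example.com   CNAME .            ; forced NXDOMAIN
*.bad.example.com CNAME .
ads.example.net   A    192.0.2.10    ; RRset replacement
mail.example.org  300 IN MX 10 sinkhole.example.
"""

CLASSES = {"IN", "CH", "HS"}


def classify_rpz(zone_text):
    """Split policy records into (nxdomain_owners, other_records).

    Anything that is not the NXDOMAIN form is returned in other_records,
    which is conservative with respect to the advisory's workaround.
    """
    nxdomain, other = [], []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments
        if not line or line.startswith("$"):  # skip blanks and directives
            continue
        fields = line.split()
        owner, rest = fields[0], fields[1:]
        # Skip the optional TTL and class fields before the record type.
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            rest = rest[1:]
        if len(rest) < 2:
            continue
        rtype, rdata = rest[0].upper(), " ".join(rest[1:])
        if owner == "@" and rtype in ("SOA", "NS"):
            continue  # zone apex housekeeping, not a policy rule
        if rtype == "CNAME" and rdata == ".":
            nxdomain.append(owner)
        else:
            other.append((owner, rtype, rdata))
    return nxdomain, other


def is_exposed(version, zone_text):
    """True only when both conditions from the advisory hold."""
    _, other = classify_rpz(zone_text)
    return version.strip() == AFFECTED_VERSION and bool(other)
```

Records returned in the second list are the ones to remove or convert when applying the workaround on a server that cannot be updated yet.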

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2011-1907
BugTraq ID: 47734
http://www.securityfocus.com/bid/47734
Bugtraq: 20110506 Security Advisory: DNS BIND Security Advisory: RRSIG Queries Can Trigger Server Crash When Using Response Policy Zones
http://www.securityfocus.com/archive/1/517900/100/0/threaded
http://www.securitytracker.com/id?1025503
http://secunia.com/advisories/44416
http://www.vupen.com/english/advisories/2011/1183
XForce ISS Database: iscbind-rrsig-dos(67297)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67297
Copyright: Copyright (C) 2021 Greenbone Networks GmbH





© 1998-2025 E-Soft Inc. All rights reserved.