CERTA-2002-AVI-116

Vulnerability from certfr_avis - Published: - Updated:

Il est possible de fabriquer un paquet DNS qui, envoyé au serveur, provoquera son arrêt.

Description

Lorsque certains tests de cohérence échouent sur un message, le serveur s'arrête au lieu de simplement rejeter la requête. Des paquets peuvent donc être créés pour déclencher ce comportement et obtenir un déni de service.

Solution

Mettre à jour BIND 9 avec une version au moins égale à la 9.2.1.

  • Sources

    http://www.isc.org/products/BIND/bind9.html

  • Red Hat Linux

    http://rhn.redhat.com/errata/RHSA-2002-105.html

  • Mandrake Linux

    http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-038.php

Tout système utilisant BIND 9 dans une version antérieure à la 9.2.1 (versions 4 et 8 non affectées).

Impacted products
Vendor Product Description
References
Avis CA-2002-15 du CERT/CC None vendor-advisory
Avis du CERT/CC - other

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eTout syst\u00e8me utilisant BIND 9 dans une version ant\u00e9rieure \u00e0 la  9.2.1 (versions 4 et 8 non affect\u00e9es).\u003c/P\u003e",
  "content": "## Description\n\nLorsque certains tests de coh\u00e9rence \u00e9chouent sur un message, le serveur\ns\u0027arr\u00eate au lieu de simplement rejeter la requ\u00eate. Des paquets peuvent\ndonc \u00eatre cr\u00e9\u00e9s pour d\u00e9clencher ce comportement et obtenir un d\u00e9ni de\nservice.\n\n## Solution\n\nMettre \u00e0 jour BIND 9 avec une version au moins \u00e9gale \u00e0 la 9.2.1.\n\n-   Sources\n\n        http://www.isc.org/products/BIND/bind9.html\n\n-   Red Hat Linux\n\n        http://rhn.redhat.com/errata/RHSA-2002-105.html\n\n-   Mandrake Linux\n\n        http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-038.php\n",
  "cves": [],
  "links": [
    {
      "title": "Avis du CERT/CC",
      "url": "http://www.kb.cert.org/vuls/id/739123"
    }
  ],
  "reference": "CERTA-2002-AVI-116",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2002-06-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni du service dns assur\u00e9 par bind avec incidences sur tous les protocoles l\u0027utilisant (http, smtp,...)"
    }
  ],
  "summary": "Il est possible de fabriquer un paquet DNS qui, envoy\u00e9 au serveur,\nprovoquera son arr\u00eat.\n",
  "title": "D\u00e9ni de service sur BIND 9",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis CA-2002-15 du CERT/CC",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.