Vulnerabilities > CVE-2003-0914

ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.

Vulnerable Configurations

Part	Description	Count
Application	Isc ISC Bind 8.4.1 ISC Bind 8.2.5 ISC Bind 8.3.1 ISC Bind 8.3.2 ISC Bind 8.3.4 ISC Bind 8.2.7 ISC Bind 8.2.4 ISC Bind 8.2.6 ISC Bind 8.3.5 ISC Bind 8.3.0 ISC Bind 8.3.3 ISC Bind 8.3.6 ISC Bind 8.4 ISC Bind 8.2.3	14
Application	Nixu Nixu Namesurfer Suite_3.0.1 Nixu Namesurfer Standard_3.0.1	2
OS	Netbsd Netbsd Netbsd 1.6 Netbsd Netbsd Current Netbsd Netbsd 1.6.1	3
OS	Hp HP HP UX 11.11 HP HP UX 11.00	2
OS	Compaq Compaq Tru64 5.1_Pk3_Bl17 Compaq Tru64 5.1_Pk4_Bl18 Compaq Tru64 5.1B_Pk1_Bl1 Compaq Tru64 4.0F_Pk6_Bl17 Compaq Tru64 4.0G Compaq Tru64 4.0G_Pk3_Bl17 Compaq Tru64 5.1A_Pk4_Bl21 Compaq Tru64 4.0F_Pk8_Bl22 Compaq Tru64 5.1A_Pk3_Bl3 Compaq Tru64 4.0F Compaq Tru64 5.1_Pk6_Bl20 Compaq Tru64 5.1_Pk5_Bl19 Compaq Tru64 5.1B_Pk2_Bl22 Compaq Tru64 5.1A Compaq Tru64 4.0G_Pk4_Bl22 Compaq Tru64 5.1A_Pk5_Bl23 Compaq Tru64 5.1B Compaq Tru64 5.1 Compaq Tru64 5.1A_Pk2_Bl2 Compaq Tru64 4.0F_Pk7_Bl18 Compaq Tru64 5.1A_Pk1_Bl1	21
OS	Sun SUN Sunos 5.7 SUN Sunos 5.8 SUN Solaris 9.0 SUN Solaris 7.0 SUN Solaris 8.0	6
OS	Freebsd Freebsd Freebsd 4.5 Freebsd Freebsd 4.7 Freebsd Freebsd 4.4 Freebsd Freebsd 4.8 Freebsd Freebsd 4.6 Freebsd Freebsd 5.0 Freebsd Freebsd 4.9 Freebsd Freebsd 4.6.2	8
OS	Sco SCO Unixware 7.1.1	1
OS	Ibm IBM AIX 5.1L	1

Nessus

NASL family	DNS
NASL id	BIND_NEGATIVE_CACHE_DOS.NASL
description	The remote BIND server, according to its version number, is vulnerable to a negative cache poison bug that may allow an attacker to disable this service remotely.
last seen	2020-06-01
modified	2020-06-02
plugin id	11932
published	2003-11-27
reporter	This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/11932
title	ISC BIND < 8.3.7 / 8.4.3 Negative Record Cache Poisoning
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(11932); script_version("1.19"); script_cvs_date("Date: 2018/06/27 18:42:25"); script_cve_id("CVE-2003-0914"); script_bugtraq_id(9114); script_xref(name:"Secunia", value:"10300"); script_xref(name:"SuSE", value:"SUSE-SA:2003:047"); script_name(english:"ISC BIND < 8.3.7 / 8.4.3 Negative Record Cache Poisoning"); script_summary(english:"Checks the remote BIND version"); script_set_attribute(attribute:"synopsis", value: "It is possible to disable the remote name server remotely." ); script_set_attribute(attribute:"description", value: "The remote BIND server, according to its version number, is vulnerable to a negative cache poison bug that may allow an attacker to disable this service remotely." ); script_set_attribute(attribute:"solution", value: "Upgrade to BIND 8.3.7 or 8.4.3" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2003/11/27"); script_set_attribute(attribute:"vuln_publication_date", value: "2003/11/26"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc."); script_family(english: "DNS"); script_dependencie("bind_version.nasl"); script_require_keys("bind/version"); exit(0); } vers = get_kb_item("bind/version"); if(!vers)exit(0); if(ereg(string:vers, pattern:"^8\.([0-2]\.\|3\.[0-6]([^0-9]\|$)\|4\.[0-2]([^0-9]\|$))"))security_hole(53);

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_F04CC5CB2D0B11D8BEAF000A95C4D922.NASL
description	A programming error in BIND 8 named can result in a DNS message being incorrectly cached as a negative response. As a result, an attacker may arrange for malicious DNS messages to be delivered to a target name server, and cause that name server to cache a negative response for some target domain name. The name server would thereafter respond negatively to legitimate queries for that domain name, resulting in a denial-of-service for applications that require DNS.
last seen	2020-06-01
modified	2020-06-02
plugin id	36224
published	2009-04-23
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/36224
title	FreeBSD : bind8 negative cache poison attack (f04cc5cb-2d0b-11d8-beaf-000a95c4d922)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(36224); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:32:36"); script_cve_id("CVE-2003-0914"); script_xref(name:"CERT", value:"734644"); script_xref(name:"FreeBSD", value:"SA-03:19.bind"); script_name(english:"FreeBSD : bind8 negative cache poison attack (f04cc5cb-2d0b-11d8-beaf-000a95c4d922)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "A programming error in BIND 8 named can result in a DNS message being incorrectly cached as a negative response. As a result, an attacker may arrange for malicious DNS messages to be delivered to a target name server, and cause that name server to cache a negative response for some target domain name. The name server would thereafter respond negatively to legitimate queries for that domain name, resulting in a denial-of-service for applications that require DNS." ); # https://vuxml.freebsd.org/freebsd/f04cc5cb-2d0b-11d8-beaf-000a95c4d922.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1b8c2050" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:bind"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2003/11/28"); script_set_attribute(attribute:"patch_publication_date", value:"2003/12/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"bind>=8.3<8.3.7")) flag++; if (pkg_test(save_report:TRUE, pkg:"bind>=8.4<8.4.3")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-409.NASL
description	A vulnerability was discovered in BIND, a domain name server, whereby a malicious name server could return authoritative negative responses with a large TTL (time-to-live) value, thereby rendering a domain name unreachable. A successful attack would require that a vulnerable BIND instance submit a query to a malicious nameserver. The bind9 package is not affected by this vulnerability.
last seen	2020-06-01
modified	2020-06-02
plugin id	15246
published	2004-09-29
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15246
title	Debian DSA-409-1 : bind - denial of service

NASL family	SuSE Local Security Checks
NASL id	SUSE_SA_2003_047.NASL
description	The remote host is missing the patch for the advisory SuSE-SA:2003:047 (bind8). To resolve IP addresses to host and domain names and vice versa the DNS service needs to be consulted. The most popular DNS software is the BIND8 and BIND9 suite. The BIND8 code is vulnerable to a remote denial-of-service attack by poisoning the cache with authoritative negative responses that should not be accepted otherwise. To execute this attack a name-server needs to be under malicious control and the victim
last seen	2020-06-01
modified	2020-06-02
plugin id	13815
published	2004-07-25
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/13815
title	SuSE-SA:2003:047: bind8

NASL family	AIX Local Security Checks
NASL id	AIX_IY49881.NASL
description	The remote host is missing AIX Critical Security Patch number IY49881 (Anti-cache poisoning techniques to negative answers). You should install this patch for your system to be up-to-date.
last seen	2020-06-01
modified	2020-06-02
plugin id	14428
published	2004-08-27
reporter	This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14428
title	AIX 5.1 : IY49881

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_BIND8_NEG_POISON.NASL
description	The following package needs to be updated: bind
last seen	2016-09-26
modified	2004-07-06
plugin id	12526
published	2004-07-06
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=12526
title	FreeBSD : bind8 negative cache poison attack (17)

NASL family	AIX Local Security Checks
NASL id	AIX_IY49883.NASL
description	The remote host is missing AIX Critical Security Patch number IY49883 (Anti-cache poison techniques to negative answers). You should install this patch for your system to be up-to-date.
last seen	2020-06-01
modified	2020-06-02
plugin id	14429
published	2004-08-27
reporter	This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14429
title	AIX 5.2 : IY49883

Oval

accepted

2005-02-16T12:00:00.000-04:00

class

vulnerability

contributors

name Brian Soby
organization The MITRE Corporation
name Brian Soby
organization The MITRE Corporation
name Brian Soby
organization The MITRE Corporation

description

ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.

family

unix

oval:org.mitre.oval:def:2011

status

accepted

submitted

2004-10-19T12:00:00.000-04:00

title

ISC BIND Cache Poison Denial Of Service

version

Vulnerabilities > CVE-2003-0914 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2003-0914"}]}

Summary

Vulnerable Configurations

Nessus

Oval

References

Vulnerabilities > CVE-2003-0914