Vulnerabilities > CVE-2005-0034 - Remote Denial Of Service vulnerability in ISC Bind 9.3.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail.
Nessus
NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL4351.NASL description The remote BIG-IP device is missing a patch required by a security advisory. last seen 2020-06-01 modified 2020-06-02 plugin id 78201 published 2014-10-10 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78201 title F5 Networks BIG-IP : BIND 9.3.0 denial of service vulnerability (SOL4351) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from F5 Networks BIG-IP Solution SOL4351. # # The text description of this plugin is (C) F5 Networks. # include("compat.inc"); if (description) { script_id(78201); script_version("1.7"); script_cvs_date("Date: 2019/10/25 13:36:06"); script_cve_id("CVE-2005-0034"); script_name(english:"F5 Networks BIG-IP : BIND 9.3.0 denial of service vulnerability (SOL4351)"); script_summary(english:"Checks the BIG-IP version."); script_set_attribute( attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "The remote BIG-IP device is missing a patch required by a security advisory." ); script_set_attribute( attribute:"see_also", value:"https://support.f5.com/csp/article/K4351" ); script_set_attribute( attribute:"solution", value: "Upgrade to one of the non-vulnerable versions listed in the F5 Solution SOL4351." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip"); script_set_attribute(attribute:"patch_publication_date", value:"2007/05/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"F5 Networks Local Security Checks"); script_dependencies("f5_bigip_detect.nbin"); script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version"); exit(0); } include("f5_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); version = get_kb_item("Host/BIG-IP/version"); if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP"); if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix"); if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules"); sol = "SOL4351"; vmatrix = make_array(); # LTM vmatrix["LTM"] = make_array(); vmatrix["LTM"]["affected" ] = make_list("9.0.0-9.0.5"); vmatrix["LTM"]["unaffected"] = make_list("9.1","9.2","9.3","9.4","9.6","10"); if (bigip_is_affected(vmatrix:vmatrix, sol:sol)) { if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get()); else security_warning(0); exit(0); } else { tested = bigip_get_tested_modules(); audit_extra = "For BIG-IP module(s) " + tested + ","; if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version); else audit(AUDIT_HOST_NOT, "running the affected module LTM"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_30E4ED7B1CA611DABC01000E0C2E438A.NASL description Problem description A DNSSEC-related validator function in BIND 9.3.0 contains an inappropriate internal consistency test. When this test is triggered, named(8) will exit. Impact On systems with DNSSEC enabled, a remote attacker may be able to inject a specially crafted packet that will cause the internal consistency test to trigger, and named(8) to terminate. As a result, the name server will no longer be available to service requests. Workaround DNSSEC is not enabled by default, and the last seen 2020-06-01 modified 2020-06-02 plugin id 21410 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21410 title FreeBSD : bind9 -- denial of service (30e4ed7b-1ca6-11da-bc01-000e0c2e438a) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(21410); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:32:37"); script_cve_id("CVE-2005-0034"); script_xref(name:"CERT", value:"938617"); script_name(english:"FreeBSD : bind9 -- denial of service (30e4ed7b-1ca6-11da-bc01-000e0c2e438a)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Problem description A DNSSEC-related validator function in BIND 9.3.0 contains an inappropriate internal consistency test. When this test is triggered, named(8) will exit. Impact On systems with DNSSEC enabled, a remote attacker may be able to inject a specially crafted packet that will cause the internal consistency test to trigger, and named(8) to terminate. As a result, the name server will no longer be available to service requests. Workaround DNSSEC is not enabled by default, and the 'dnssec-enable' directive is not normally present. If DNSSEC has been enabled, disable it by changing the 'dnssec-enable' directive to 'dnssec-enable no;' in the named.conf(5) configuration file." ); # http://www.uniras.gov.uk/niscc/docs/al-20050125-00060.html?lang=en script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?93b26d47" ); # http://www.isc.org/sw/bind/bind9.3.php#security script_set_attribute( attribute:"see_also", value:"http://www.isc.org/downloads/bind/bind9.3.php#security" ); # https://vuxml.freebsd.org/freebsd/30e4ed7b-1ca6-11da-bc01-000e0c2e438a.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?45431c73" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:bind9"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/25"); script_set_attribute(attribute:"patch_publication_date", value:"2005/09/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"bind9=9.3.0")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family DNS NASL id BIND_VALIDATOR_DOS.NASL description The remote BIND server, according to its version number, has a flaw in the way last seen 2020-06-01 modified 2020-06-02 plugin id 16261 published 2005-01-26 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16261 title ISC BIND < 9.3.1 Validator Self Checking Remote DoS code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(16261); script_version("1.23"); script_cvs_date("Date: 2018/06/27 18:42:25"); script_cve_id("CVE-2005-0034"); script_bugtraq_id(12365, 12497); script_xref(name:"CERT", value:"938617"); script_name(english:"ISC BIND < 9.3.1 Validator Self Checking Remote DoS"); script_summary(english:"Checks the remote BIND version"); script_set_attribute(attribute:"synopsis", value: "The remote name server is prone to a denial of service attack." ); script_set_attribute(attribute:"description", value: "The remote BIND server, according to its version number, has a flaw in the way 'authvalidator()' is implemented. Provided DNSSEC has been enabled in the remote name server, an attacker may be able to launch a denial of service attack against the remote service." ); # https://kb.isc.org/article/AA-00958/0/CVE-2005-0034%3A-BIND%3A-Self-check-failing.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cde0d404"); script_set_attribute(attribute:"solution", value: "Upgrade to BIND 9.3.1 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2005/01/26"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/01/25"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_family(english: "DNS"); script_dependencie("bind_version.nasl"); script_require_keys("bind/version"); exit(0); } include('global_settings.inc'); if (report_paranoia < 1) exit(0); # FP on Mandrake vers = string(get_kb_item("bind/version")); if(!vers)exit(0); if (ereg(string:vers, pattern:"^9\.3\.0$")) security_warning(port: 53, proto: 'udp');NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-023.NASL description A vulnerability was discovered in BIND version 9.3.0 where a remote attacker may be able to cause named to exit prematurely, causing a Denial of Service due to an incorrect assumption in the validator function authvalidated(). The updated packages have been patched to prevent this problem. last seen 2020-06-01 modified 2020-06-02 plugin id 16269 published 2005-01-27 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16269 title Mandrake Linux Security Advisory : bind (MDKSA-2005:023)
References
- http://secunia.com/advisories/14008
- http://securitytracker.com/id?1012995
- http://www.isc.org/index.pl?/sw/bind/bind9.php
- http://www.isc.org/index.pl?/sw/bind/bind-security.php
- http://www.kb.cert.org/vuls/id/938617
- http://www.securityfocus.com/bid/12365
- http://www.trustix.org/errata/2005/0003/
- http://www.uniras.gov.uk/niscc/docs/al-20050125-00060.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19062