Vulnerabilities > CVE-2011-1907 - Resource Management Errors vulnerability in ISC Bind 9.8.0

047910
CVSS v2 base score 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
isc
CWE-399
nessus

Summary

ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query.

Vulnerable Configurations

Part Description Count
Application
Isc
1

Common Weakness Enumeration (CWE)

Nessus

NASL family: DNS
NASL id: BIND9_980_P1.NASL
description: According to its self-reported version number, the remote installation of BIND is potentially affected by a denial of service vulnerability. This issue only affects BIND installations that use the RPZ feature configured for RRset replacement. When RPZ is being used, a query of type RRSIG for a name configured for RRset replacement will trigger an assertion failure and cause the name server process to exit. Note that Nessus has only relied on the version itself and not attempted to determine whether the install actually uses the RPZ feature.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 53842
published: 2011-05-09
reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/53842
title: ISC BIND Response Policy Zones RRSIG Query Assertion Failure DoS
code
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

# Plugin registration block: when the script is loaded with `description` set,
# it only registers the metadata below and then exits (exit(0) at the end),
# so none of the check logic further down runs in this mode.
if (description)
{
  script_id(53842);
  script_version("1.8");
  script_cvs_date("Date: 2018/06/27 18:42:25");

  # External identifiers for the same issue (CVE, Bugtraq ID, Secunia advisory).
  script_cve_id("CVE-2011-1907");
  script_bugtraq_id(47734);
  script_xref(name:"Secunia", value:"44416");

  script_name(english:"ISC BIND Response Policy Zones RRSIG Query Assertion Failure DoS");
  script_summary(english:"Checks version of BIND");

  script_set_attribute(attribute:"synopsis", value:
"The remote name server may be affected by a denial of service
vulnerability.");
  # The description states the two preconditions a reader must verify by hand:
  # RPZ must be in use, and it must be configured for RRset replacement.
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the remote installation
of BIND is potentially affected by a denial of service vulnerability.
This issue only affects BIND installations that use the RPZ feature
configured for RRset replacement. When RPZ is being used, a query of
type RRSIG for a name configured for RRset replacement will trigger an
assertion failure and cause the name server process to exit.

Note that Nessus has only relied on the version itself and not
attempted to determine whether the install actually uses the RPZ
feature.");
  script_set_attribute(attribute:"see_also", value:"http://ftp.isc.org/isc/bind9/9.8.0-P1/RELEASE-NOTES-BIND-9.8.0-P1.html");
  # https://kb.isc.org/article/AA-00460/0/CVE-2011-1907%3A-RRSIG-Queries-Can-Trigger-Server-Crash-When-Using-Response-Policy-Zones.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3d67b84a");
  script_set_attribute(attribute:"solution", value:"Upgrade to BIND 9.8.0-P1 or later.");
  # CVSS v2 base vector: network reachable, low complexity, no authentication,
  # no confidentiality or integrity impact, partial availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  # CVSS v2 temporal vector: functional exploit exists (E:F), official fix
  # available (RL:OF), report confidence confirmed (RC:C).
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/05/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/05/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/09");

  script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind");
  # Marked as a potential vulnerability: per the description text above, the
  # result rests on the reported version alone, not on the RPZ configuration.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # Registered in the information-gathering category.
  script_category(ACT_GATHER_INFO);
  script_family(english:"DNS");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  # bind_version.nasl is declared as a prerequisite; presumably it is the
  # plugin that stores "bind/version" in the KB -- confirm against that script.
  script_dependencies("bind_version.nasl");
  # Both KB keys are required: the BIND version string and the paranoid-report
  # setting that matches the potential_vulnerability flag above.
  script_require_keys("bind/version", "Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

# Version-only check: it is reported only when the scan runs with a paranoia
# level of 2 or more; at lower levels the plugin audits out.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

# Version string stored in the KB under "bind/version".
version = get_kb_item_or_exit("bind/version");

# Anything that is not a 9.8.0 build, or that already carries a "-P" patch
# suffix, is treated as not affected and ends the script here.
if (version !~ '^9\\.8\\.0' || version =~ '^9\\.8\\.0-P')
  exit(0, 'BIND version ' + version + ' is running on UDP port 53 and thus is not affected.');

# NOTE(review): only the reported version is compared. Whether RPZ RRset
# replacement is actually configured is not examined, and the comparison is
# only as trustworthy as the stored version string, so a finding still needs
# to be confirmed against the server's configuration.
if (report_verbosity > 0)
{
  details =
    '\n  Installed version : ' + version +
    '\n  Fixed version     : 9.8.0-P1' +
    '\n';
  security_warning(port:53, proto:"udp", extra:details);
}
else security_warning(port:53, proto:"udp");

Seebug

bulletinFamily: exploit
description: BUGTRAQ ID: 47734 CVE ID: CVE-2011-1907 BIND是一个应用非常广泛的DNS协议的实现,由ISC负责维护,具体的开发由Nominum公司完成。 ISC BIND在实现上存在远程拒绝服务漏洞,由于未能正确处理某些记录类型,攻击者可利用此漏洞造成应用程序进程崩溃,拒绝服务合法用户。 此问题仅影响将配置的RPZ功能用于RRset替换的BIND用户。BIND 9.8.0引入了RPZ机制,用于修改递归服务器根据一组规则返回的DNS响应。在典型配置中,RPZ用于强制可疑名称的NXDOMAIN响应,也用于RRset替换。在使用RPZ时,配置了RRset替换的名称类型RRSIG查询将触发断言失败,造成退出DNS进程 RedHat Fedora 15 厂商补丁: RedHat ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.redhat.com/apps/support/errata/index.html
id: SSV:20528
last seen: 2017-11-19
modified: 2011-05-10
published: 2011-05-10
reporter: Root
title: ISC BIND 9 RRSIG Query类型远程拒绝服务漏洞