Vulnerabilities > CVE-2011-2464 - Packet Processing Remote Denial of Service vulnerability in ISC BIND 9
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 41 |
Nessus
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-0926.NASL description From Red Hat Security Advisory 2011:0926 : Updated bind and bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was discovered in the way BIND handled certain DNS requests. A remote attacker could use this flaw to send a specially crafted DNS request packet to BIND, causing it to exit unexpectedly due to a failed assertion. (CVE-2011-2464) Users of bind97 on Red Hat Enterprise Linux 5, and bind on Red Hat Enterprise Linux 6, are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 68303 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68303 title Oracle Linux 5 / 6 : bind (ELSA-2011-0926) NASL family SuSE Local Security Checks NASL id SUSE_11_4_BIND-110706.NASL description A remote Denial of Service vulnerability has been fixed in bind. Specially crafted packets could cause bind servers (recursive as well as authoritative) to exit. CVE-2011-2464 has been assigned to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 75794 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75794 title openSUSE Security Update : bind (openSUSE-SU-2011:0788-1) NASL family SuSE Local Security Checks NASL id SUSE_BIND-7614.NASL description A remote denial of service vulnerability has been fixed in bind. Specially crafted packets could cause bind servers (recursive as well as authoritative) to exit. last seen 2020-06-01 modified 2020-06-02 plugin id 57161 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57161 title SuSE 10 Security Update : bind (ZYPP Patch Number 7614) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1163-1.NASL description It was discovered that Bind incorrectly handled certain specially crafted packets. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 55522 published 2011-07-06 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55522 title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : bind9 vulnerability (USN-1163-1) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-115.NASL description A vulnerability was discovered and corrected in bind : Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request (CVE-2011-2464). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been upgraded to bind 9.7.3-P3 which is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 55634 published 2011-07-21 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55634 title Mandriva Linux Security Advisory : bind (MDVSA-2011:115) NASL family SuSE Local Security Checks NASL id SUSE_11_BIND-110706.NASL description A remote Denial of Service vulnerability has been fixed in bind. Specially crafted packets could cause bind servers (recursive as well as authoritative) to exit. last seen 2020-06-01 modified 2020-06-02 plugin id 55547 published 2011-07-11 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55547 title SuSE 11.1 Security Update : bind (SAT Patch Number 4846) NASL family Scientific Linux Local Security Checks NASL id SL_20110707_BIND_ON_SL5_X.NASL description The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was discovered in the way BIND handled certain DNS requests. A remote attacker could use this flaw to send a specially crafted DNS request packet to BIND, causing it to exit unexpectedly due to a failed assertion. (CVE-2011-2464) After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 61080 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61080 title Scientific Linux Security Update : bind on SL5.x, SL6.x i386/x86_64 NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201206-01.NASL description The remote host is affected by the vulnerability described in GLSA-201206-01 (BIND: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact : The vulnerabilities allow remote attackers to cause a Denial of Service (daemon crash) via a DNS query, to bypass intended access restrictions, to incorrectly cache a ncache entry and a rrsig for the same type and to incorrectly mark zone data as insecure. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 59629 published 2012-06-21 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59629 title GLSA-201206-01 : BIND: Multiple vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_10_7_2.NASL description The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.2. This version contains numerous security-related fixes for the following components : - Apache - Application Firewall - ATS - BIND - Certificate Trust Policy - CFNetwork - CoreMedia - CoreProcesses - CoreStorage - File Systems - iChat Server - Kernel - libsecurity - Open Directory - PHP - python - QuickTime - SMB File Server - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 56480 published 2011-10-13 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56480 title Mac OS X 10.7.x < 10.7.2 Multiple Vulnerabilities NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL12986.NASL description Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a Denial of Service (DoS) (named daemon crash) by way of a crafted UPDATE request. last seen 2020-06-01 modified 2020-06-02 plugin id 78130 published 2014-10-10 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78130 title F5 Networks BIG-IP : BIND vulnerability (SOL12986) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_FD64188DA71D11E089B4001EC9578670.NASL description ISC reports : A defect in the affected BIND 9 versions allows an attacker to remotely cause the last seen 2020-06-01 modified 2020-06-02 plugin id 55518 published 2011-07-06 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55518 title FreeBSD : BIND -- Remote DoS against authoritative and recursive servers (fd64188d-a71d-11e0-89b4-001ec9578670) NASL family SuSE Local Security Checks NASL id SUSE_11_3_BIND-110706.NASL description A remote Denial of Service vulnerability has been fixed in bind. Specially crafted packets could cause bind servers (recursive as well as authoritative) to exit. CVE-2011-2464 has been assigned to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 75440 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75440 title openSUSE Security Update : bind (openSUSE-SU-2011:0788-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2272.NASL description It was discovered that BIND, a DNS server, does not correctly process certain UPDATE requests, resulting in a server crash and a denial of service. This vulnerability affects BIND installations even if they do not actually use dynamic DNS updates. last seen 2020-03-17 modified 2011-07-06 plugin id 55516 published 2011-07-06 reporter This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55516 title Debian DSA-2272-1 : bind9 - denial of service NASL family Fedora Local Security Checks NASL id FEDORA_2011-9127.NASL description This update fixes CVE-2011-2464. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 55657 published 2011-07-25 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55657 title Fedora 14 : bind-9.7.4-0.3.b1.fc14 (2011-9127) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2011-224-01.NASL description New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 55834 published 2011-08-15 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55834 title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 8.1 / 9.0 / 9.1 / current : bind (SSA:2011-224-01) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2020-0021.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details. last seen 2020-06-10 modified 2020-06-05 plugin id 137170 published 2020-06-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137170 title OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2011-0926.NASL description Updated bind and bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was discovered in the way BIND handled certain DNS requests. A remote attacker could use this flaw to send a specially crafted DNS request packet to BIND, causing it to exit unexpectedly due to a failed assertion. (CVE-2011-2464) Users of bind97 on Red Hat Enterprise Linux 5, and bind on Red Hat Enterprise Linux 6, are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 55536 published 2011-07-08 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55536 title CentOS 5 : bind97 (CESA-2011:0926) NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_42727.NASL description s700_800 11.23 BIND 9.2.0 Revision 5.0 : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). (HPSBUX02729 SSRT100687) - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). (HPSBUX02719 SSRT100658) last seen 2020-06-01 modified 2020-06-02 plugin id 56840 published 2012-03-06 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56840 title HP-UX PHNE_42727 : s700_800 11.23 BIND 9.2.0 Revision 5.0 NASL family Fedora Local Security Checks NASL id FEDORA_2011-9146.NASL description Update to the 9.8.0-P4 security release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 55562 published 2011-07-12 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55562 title Fedora 15 : bind-9.8.0-7.P4.fc15 (2011-9146) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2011-006.NASL description The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2011-006 applied. This update contains numerous security-related fixes for the following components : - Apache - Application Firewall - ATS - BIND - Certificate Trust Policy - CFNetwork - CoreFoundation - CoreMedia - File Systems - IOGraphics - iChat Server - Mailman - MediaKit - PHP - postfix - python - QuickTime - Tomcat - User Documentation - Web Server - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 56481 published 2011-10-13 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56481 title Mac OS X Multiple Vulnerabilities (Security Update 2011-006) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2011-189-01.NASL description New bind packages are available for Slackware 13.37, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 55704 published 2011-07-28 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55704 title Slackware 13.37 / current : bind (SSA:2011-189-01) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2017-0066.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776) last seen 2020-06-01 modified 2020-06-02 plugin id 99569 published 2017-04-21 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99569 title OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0926.NASL description Updated bind and bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was discovered in the way BIND handled certain DNS requests. A remote attacker could use this flaw to send a specially crafted DNS request packet to BIND, causing it to exit unexpectedly due to a failed assertion. (CVE-2011-2464) Users of bind97 on Red Hat Enterprise Linux 5, and bind on Red Hat Enterprise Linux 6, are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 55539 published 2011-07-08 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55539 title RHEL 5 / 6 : bind (RHSA-2011:0926) NASL family DNS NASL id BIND9_980_P4.NASL description According to its self-reported version number, the remote installation of BIND is potentially affected by a denial of service vulnerability. If an attacker sends a specially crafted request to a BIND server it may cause the name server process to crash. Note that Nessus has only relied on the version itself and has not attempted to determine whether or not the install is actually vulnerable. last seen 2020-06-01 modified 2020-06-02 plugin id 55534 published 2011-07-07 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55534 title ISC BIND 9 Unspecified Packet Processing Remote DoS
Oval
| accepted | 2015-04-20T04:00:36.971-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| description | Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:13997 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2012-01-30T10:50:28.000-05:00 | ||||||||||||||||||||
| title | HP-UX Running BIND, Remote Denial of Service (DoS) | ||||||||||||||||||||
| version | 50 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 48566 CVE ID: CVE-2011-2464 BIND是一个应用非常广泛的DNS协议的实现,由ISC负责维护,具体的开发由Nominum公司完成。 ISC BIND在处理特制的UPDATE请求时存在拒绝服务漏洞,远程攻击者可利用此漏洞影响递归和授权服务器,造成拒绝服务。 此漏洞源于处理UPDATE请求时的错误,通过发送特制的UPDATE请求造成named进程中断。因为漏洞代码所在位置,不可能通过named.conf中配置的ACL或禁用一些功能(在编译时或运行时)来保护BIND。 ISC BIND 9.7.1-P2 ISC BIND 9.7.1-P1 ISC BIND 9.7.1 ISC BIND 9.7.0 P2 ISC BIND 9.7.0 厂商补丁: ISC --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.isc.org/ |
| id | SSV:20706 |
| last seen | 2017-11-19 |
| modified | 2011-07-07 |
| published | 2011-07-07 |
| reporter | Root |
| title | ISC BIND UPDATE请求处理拒绝服务漏洞 |
References
- http://blogs.oracle.com/sunsecurity/entry/cve_2011_2464_remote_denial
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062846.html
- http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00006.html
- http://marc.info/?l=bugtraq&m=131983337229394&w=2
- http://osvdb.org/73605
- http://secunia.com/advisories/45082
- http://secunia.com/advisories/45089
- http://secunia.com/advisories/45143
- http://secunia.com/advisories/45177
- http://secunia.com/advisories/45185
- http://secunia.com/advisories/45223
- http://secunia.com/advisories/45410
- http://secunia.com/advisories/45412
- http://support.apple.com/kb/HT5002
- http://www.debian.org/security/2011/dsa-2272
- http://www.isc.org/software/bind/advisories/cve-2011-2464
- http://www.kb.cert.org/vuls/id/142646
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:115
- http://www.redhat.com/support/errata/RHSA-2011-0926.html
- http://www.securityfocus.com/archive/1/518749/100/0/threaded
- http://www.securityfocus.com/bid/48566
- http://www.securitytracker.com/id?1025742
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.377171
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68375
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13997
- https://www.ubuntu.com/usn/USN-1163-1/