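Vulnerability details
ISC BIND 9 dns_db_findrdataset() Function Denial-of-Service Vulnerability
Vulnerability summary
BIND is a very widely used implementation of the DNS protocol. It is maintained by ISC, with the actual development carried out by Nominum.
The BIND server has a vulnerability in its handling of malformed dynamic update requests. If a remote attacker sends the BIND server a dynamic update message that contains a record of type ANY, and one or more RRsets for that FQDN exist on the server, the process can be made to exit in dns_db_findrdataset(), causing a denial of service.
Vulnerability advisory
The vendor has released upgrade patches that fix this security issue. Patch download links: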
ISC BIND 9.5.1b1
ISC bind-9.4.3-P3.tar.gz
ftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz
ISC bind-9.5.1-P3.tar.gz
ftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz
ISC bind-9.6.1-P1.tar.gz
ftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu bind9-doc_9.5.0.dfsg.P2-1ubuntu3.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-doc_9.5.0.dfsg.P2-1ubuntu3.2_all.deb
Ubuntu bind9-host_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/b/bind9/bind9-host_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
Ubuntu bind9_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/b/bind9/bind9_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
Ubuntu bind9utils_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/b/bind9/bind9utils_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
Ubuntu dnsutils_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/b/bind9/dnsutils_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
Ubuntu libbind-dev_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/b/bind9/libbind-dev_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
Ubuntu libbind9-40_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/b/bind9/libbind9-40_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
Ubuntu libdns43_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/b/bind9/libdns43_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
Ubuntu libisc44_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/b/bind9/libisc44_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
Ubuntu libisccc40_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/b/bind9/libisccc40_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
Ubuntu libisccfg40_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/b/bind9/libisccfg40_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
Ubuntu liblwres40_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/b/bind9/liblwres40_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
Ubuntu lwresd_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/universe/b/bind9/lwresd_9.5.0.dfsg.P2-1ubuntu3.2_powerpc.deb
Slackware Linux 12.2
Slackware bind-9.4.3_P3-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/bind-9.4.3_P3-i486-1_slack12.2.tgz
Debian Linux 5.0 alpha
Debian bind9-doc_9.5.1.dfsg.P3-1_all.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.5.1.dfsg.P3-1_all.deb
Debian bind9-host_9.5.1.dfsg.P3-1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_alpha.deb
Debian bind9_9.5.1.dfsg.P3-1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_alpha.deb
Debian bind9utils_9.5.1.dfsg.P3-1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_alpha.deb
Debian dnsutils_9.5.1.dfsg.P3-1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_alpha.deb
Debian libbind-dev_9.5.1.dfsg.P3-1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_alpha.deb
Debian libbind9-40_9.5.1.dfsg.P3-1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_alpha.deb
Debian libdns45_9.5.1.dfsg.P3-1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_alpha.deb
Debian libisc45_9.5.1.dfsg.P3-1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_alpha.deb
Debian libisccc40_9.5.1.dfsg.P3-1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_alpha.deb
Debian libisccfg40_9.5.1.dfsg.P3-1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_alpha.deb
Debian liblwres40_9.5.1.dfsg.P3-1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_alpha.deb
Debian lwresd_9.5.1.dfsg.P
References
Source: US-CERT
Name: VU#725188
Link: http://www.kb.cert.org/vuls/id/725188
Source: www.isc.org
Link: https://www.isc.org/node/474
Source: FEDORA
Name: FEDORA-2009-8119
Link: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01265.html
Source: VUPEN
Name: ADV-2009-2247
Link: http://www.vupen.com/english/advisories/2009/2247
Source: VUPEN
Name: ADV-2009-2171
Link: http://www.vupen.com/english/advisories/2009/2171
Source: VUPEN
Name: ADV-2009-2088
Link: http://www.vupen.com/english/advisories/2009/2088
Source: VUPEN
Name: ADV-2009-2036
Link: http://www.vupen.com/english/advisories/2009/2036
Source: UBUNTU
Name: USN-808-1
Link: http://www.ubuntu.com/usn/usn-808-1
Source: SLACKWARE
Name: SSA:2009-210-01
Link: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561499
Source: SECTRACK
Name: 1022613
Link: http://www.securitytracker.com/id?1022613
Source: BUGTRAQ
Name: 20090729 rPSA-2009-0113-1 bind bind-utils
Link: http://www.securityfocus.com/archive/1/archive/1/505403/100/0/threaded
Source: OPENBSD
Name: [4.4] 014: RELIABILITY FIX: July 29, 2009
Link: http://www.openbsd.org/errata44.html#014_bind
Source: wiki.rpath.com
Link: http://wiki.rpath.com/Advisories:rPSA-2009-0113
Source: up2date.astaro.com
Link: http://up2date.astaro.com/2009/08/up2date_7505_released.html
Source: SUNALERT
Name: 264828
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-264828-1
Source: SECUNIA
Name: 36192
Link: http://secunia.com/advisories/36192
Source: SECUNIA
Name: 36098
Link: http://secunia.com/advisories/36098
Source: SECUNIA
Name: 36086
Link: http://secunia.com/advisories/36086
Source: SECUNIA
Name: 36063
Link: http://secunia.com/advisories/36063
Source: SECUNIA
Name: 36056
Link: http://secunia.com/advisories/36056
Source: SECUNIA
Name: 36053
Link: http://secunia.com/advisories/36053
Source: SECUNIA
Name: 36050
Link: http://secunia.com/advisories/36050
Source: SECUNIA
Name: 36038
Link: http://secunia.com/advisories/36038
Source: SECUNIA
Name: 36035
Link: http://secunia.com/advisories/36035
Source: bugs.debian.org
Link: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975
Source: aix.software.ibm.com
Link: http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc
Source: NETBSD
Name: NetBSD-SA2009-013
Link: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-013.txt.asc
Affected entities
- Isc Bind:9.4.2
- Isc Bind:9.4.1
- Isc Bind:9.4.2:Rc1
- Isc Bind:9.4.3
- Isc Bind:9.4.2:Rc2
Patches
None available