FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

BIND -- Dynamic update message remote DoS

Affected packages
bind9 < 9.3.6.1.1
bind9-sdb-ldap < 9.4.3.3
bind9-sdb-postgresql < 9.4.3.3
6.3 <= FreeBSD < 6.3_12
6.4 <= FreeBSD < 6.4_6
7.1 <= FreeBSD < 7.1_7
7.2 <= FreeBSD < 7.2_3

Details

VuXML ID 83725c91-7c7e-11de-9672-00e0815b8da8
Discovery 2009-07-28
Entry 2009-08-01
Modified 2009-08-04

Problem Description:

When named(8) receives a specially crafted dynamic update message, an internal assertion check is triggered, which causes named(8) to exit.

To trigger the problem, the dynamic update message must contain a record of type "ANY", and at least one resource record set (RRset) for that fully qualified domain name (FQDN) must exist on the server.

Impact:

An attacker who can send DNS requests to a nameserver can cause it to exit, thus creating a Denial of Service situation.

Workaround:

No generally applicable workaround is available, but some firewalls may be able to prevent nsupdate DNS packets from reaching the nameserver.

NOTE WELL: Merely configuring named(8) to ignore dynamic updates is NOT sufficient to protect it from this vulnerability.

References

CVE Name CVE-2009-0696
FreeBSD Advisory SA-09:12.bind
URL http://www.kb.cert.org/vuls/id/725188
URL https://www.isc.org/node/474