FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bind8 negative cache poison attack

Affected packages
8.3 <= bind < 8.3.7
8.4 <= bind < 8.4.3
5.1 <= FreeBSD < 5.1_11
5.0 <= FreeBSD < 5.0_19
4.9 <= FreeBSD < 4.9_1
4.8 <= FreeBSD < 4.8_14
4.7 <= FreeBSD < 4.7_24
4.6 <= FreeBSD < 4.6.2_27
4.5 <= FreeBSD < 4.5_37
FreeBSD < 4.4_47

Details

VuXML ID f04cc5cb-2d0b-11d8-beaf-000a95c4d922
Discovery 2003-11-28
Entry 2003-12-12
Modified 2004-05-05

A programming error in BIND 8 named can result in a DNS message being incorrectly cached as a negative response. As a result, an attacker may arrange for malicious DNS messages to be delivered to a target name server, and cause that name server to cache a negative response for some target domain name. The name server would thereafter respond negatively to legitimate queries for that domain name, resulting in a denial-of-service for applications that require DNS.

References

CERT/CC Vulnerability Note 734644
CVE Name CVE-2003-0914
FreeBSD Advisory SA-03:19.bind