You are here

U-098: ISC BIND Deleted Domain Name Resolving Vulnerability

February 8, 2012 - 7:00am

Addthis

PROBLEM:

A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to bypass certain security restrictions.

PLATFORM:

ISC BIND 9.2.x
ISC BIND 9.3.x
ISC BIND 9.4.x
ISC BIND 9.5.x
ISC BIND 9.6.x
ISC BIND 9.7.x
ISC BIND 9.8.x

ABSTRACT:

The vulnerability is caused due to an error within the cache update policy.

referenceĀ  LINKS:

Original Advisory
Secunia Advisory SA47884
CVE-2012-1033

IMPACT ASSESSMENT:

High

Discussion:

Researchers discovered a vulnerability affecting the large majority of popular DNS implementations which allows a malicious domain name to stay resolvable long after it has been removed from the upper level servers. The issue, which is in all versions of BIND 9, exploits a vulnerability in DNS cache update policy, which prevents effective domain name revocation. Attackers could cause a malicious domain name to be continuously resolvable even after the delegated data has been deleted from the domain registry and after the TTL associated with entry supposedly expires

Impact:

Remote security Bypass

Solution:

The vendor is currently working a fix.

Addthis