SB2006030301 - Multiple vulnerabilities in ISC BIND

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Resource exhaustion (CVE-ID: CVE-2006-0987)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the default configuration of ISC BIND when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses. A remote attacker can trigger resource exhaustion and cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.

2) Reliance on Reverse DNS Resolution for a Security-Critical Action (CVE-ID: CVE-1999-0024)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to predictable query IDs. A remote unauthenticated attacker can trigger the vulnerability to modify data on the target system.

Remediation

Install update from vendor's website.

References

• http://dns.measurement-factory.com/surveys/sum1.html
• http://kb.isc.org/article/AA-00269
• http://www.securityfocus.com/archive/1/426368/100/0/threaded
• http://www.us-cert.gov/reading_room/DNS-recursion121605.pdf
• https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0024