A vulnerability in ISC BIND could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability is due to improper handling of certain queries by the affected software. An attacker could exploit this vulnerability by transmitting crafted queries to the affected system. An exploit could allow the attacker to cause a DoS condition on the system, denying service to legitimate users.
ISC has confirmed this vulnerability and released updated software.
Indicators of Compromise
The following ISC products are vulnerable:
BIND versions 9.7.0 through 9.7.7
BIND versions 9.8.0 through 9.8.6b1
BIND versions 9.9.0 through 9.9.4-S1b1
The vulnerability is due to an error while handling certain queries by the affected software.
An unauthenticated, remote attacker could exploit this vulnerability by sending a query containing crafted RDATA to an affected nameserver. Processing the query could cause the named service to terminate unexpectedly. If the exploit is successful, the attacker may be able to trigger an assertion failure that causes the service to terminate, resulting in a DoS condition.
Depending on the network configuration, the attacker may need access to trusted, internal networks to send the crafted queries to the affected server. This access requirement could limit the likelihood of a successful exploit.
ISC has indicated that both recursive and authoritative-only nameservers are affected.
ISC has confirmed that all versions of BIND 9.7 are affected; however, this branch is beyond its end of life and does not receive testing or security fixes from the vendor.
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to have network access.
Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
Administrators are advised to monitor affected systems.
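As an added example (not part of the Cisco alert or ISC's code) of the monitoring recommended above: the script below scans named log output for an assertion-failure exit and pairs it with the last client query logged before it, then checks whether that client falls inside the trusted networks an IP-based ACL would permit. The sample log lines are constructed for this example, and the exact wording of BIND's critical-level messages is assumed.

```python
import ipaddress
import re
from typing import Optional

# Constructed sample named log (syslog prefix stripped). The query lines use
# BIND 9 query-log layout; the two critical lines mimic what named logs when an
# assertion fails and the daemon exits. Not captured from a real server.
SAMPLE_LOG = """\
27-Jul-2013 10:15:01.123 queries: info: client 10.0.5.7#41022: query: example.org IN MX + (198.51.100.5)
27-Jul-2013 10:15:01.456 queries: info: client 192.0.2.10#53120: query: www.example.net IN A + (198.51.100.5)
27-Jul-2013 10:15:02.001 general: critical: rdata.c:1234: REQUIRE(...) failed, back trace
27-Jul-2013 10:15:02.002 general: critical: exiting (due to assertion failure)
"""

QUERY_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+)(?: \([^)]*\))?: "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)
ASSERT_RE = re.compile(r"critical: (?P<where>\S+:\d+): REQUIRE\(.*\) failed")
EXIT_RE = re.compile(r"critical: exiting \(due to assertion failure\)")


def find_assertion_crashes(log_text: str) -> list[dict]:
    """One record per assertion-driven exit, paired with the last query logged
    before it. The last query is only a lead: the crashing packet may not be
    the one that was logged, so treat the client as a suspect, not as proof."""
    last_query: Optional[dict] = None
    where: Optional[str] = None
    crashes: list[dict] = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            last_query = {"client": m["ip"], "port": int(m["port"]),
                          "qname": m["qname"], "qtype": m["qtype"]}
            continue
        m = ASSERT_RE.search(line)
        if m:
            where = m["where"]  # source location named by the assertion
            continue
        if EXIT_RE.search(line):
            crashes.append({"where": where, "last_query": last_query})
            where = None
    return crashes


def suspect_outside_trusted(crash: dict, trusted_nets: list[str]) -> bool:
    """True when the suspect client is not in any trusted network, i.e. an
    IP-based ACL on the server would have excluded it. No logged query counts
    as untrusted, since the source cannot be attributed at all."""
    if not crash["last_query"]:
        return True
    ip = ipaddress.ip_address(crash["last_query"]["client"])
    return not any(ip in ipaddress.ip_network(n) for n in trusted_nets)
```

Run the two functions over a live named log to find crash events and to see whether the suspect source would already be blocked by the ACLs in place; query logging must be enabled for the attribution step to work.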
ISC has released a security advisory at the following link: CVE-2013-4854
Red Hat Enterprise Linux EUS (Extended Update Support)
5.9.z (IA-32, IA-64, PPC, PPC64, s390x, x86_64)
Red Hat Enterprise Linux HPC Node
Red Hat Enterprise Linux Long Life
5.9 (IA-32, IA-64, x86_64)
Red Hat Enterprise Linux Server
6 (IA-32, PPC, PPC64, s390, s390x, x86_64)
Red Hat Enterprise Linux Server EUS
6.4.z (IA-32, x86_64, PPC, PPC64, s390, s390x)
Red Hat Enterprise Linux Workstation
6 (IA-32, x86_64)
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products
Cisco Multivendor Vulnerability Alerts respond to vulnerabilities identified in third-party vendors' products. These alerts contain information compiled from diverse sources and provide comprehensive technical descriptions, objective analytical assessments, workarounds and practical safeguards, and links to vendor advisories and patches.