BIND Vulnerability (CVE-2011-1910 | VU#795694): Large RRSIG RRsets and negative caching can crash named.
On May 26, 2011, the Internet Systems Consortium (ISC) announced a vulnerability in BIND 9, CVE-2011-1910, that could allow a malicious party to crash a BIND name server configured as a caching resolver. The issue is triggered by querying a domain that returns very large resource record sets (RRsets) when the BIND 9 server attempts to negatively cache the response.
This vulnerability is remotely exploitable. An attacker can set up a DNSSEC-signed authoritative DNS server with large RRSIG RRsets to act as the trigger, and then find a way to make an organization's caching resolvers query for non-existent names in the domain served by that server; the resulting response triggers the vulnerability. The attacker therefore needs a way to reach the organization's caching resolvers: directly (open resolvers), through malware (a botnet issuing the queries that populate the negative cache), or by driving DNS resolution (for example a spam run whose e-mail contains a domain name that the client will look up).
DNSSEC does not need to be enabled on the resolver for it to be vulnerable.
For more information regarding this vulnerability, see the ISC advisory for CVE-2011-1910.
tuscany networks is pleased to announce that vendor patches are now available to remediate this issue as detailed below.
VitalQIP
Alcatel-Lucent has released Lucent DNS 5.1 Build 9 to address this issue. This is available from our FTP server. Please contact our helpdesk for download details.
Infoblox
Infoblox has released patches to address this vulnerability. The following NIOS updates should be deployed as soon as possible: 6.1.1, 6.0.6, 5.1r4-3, 5.1r3-9, or 4.3r8-3.
For customers running NIOS 6.1/6.0:
- vNIOS/NIOS 6.1.1 updates all previous versions of vNIOS/NIOS 6.1
- vNIOS/NIOS 6.0.6 updates all previous versions of vNIOS/NIOS 6.0
For customers running NIOS 5.1/5.0:
- vNIOS/NIOS 5.1r4-3 updates all previous versions of vNIOS/NIOS 5.1r4
- vNIOS/NIOS 5.1r3-9 updates all previous versions of vNIOS/NIOS 5.1r3
For customers running NIOS 4.3 or below:
- NIOS 4.3r8-3 updates all previous versions of NIOS 4.3r8
Recommendations:
- Infoblox recommends all vNIOS/NIOS 5.1r2 customers upgrade to vNIOS/NIOS 5.1r4-3
- Infoblox recommends all vNIOS/NIOS 5.1r1 customers upgrade to vNIOS/NIOS 5.1r4-3
- Infoblox recommends all NIOS 5.0r1 customers upgrade to NIOS 5.1r4-3
- Infoblox recommends all customers on previous versions of NIOS 4.3 upgrade to NIOS 4.3r8-3 or NIOS 5.1r4-3 (check the release notes for hardware requirements)
The patches are available on the Infoblox Support download page.
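To check a fleet of Infoblox appliances against the fixed releases listed above, here is an added example (not Infoblox or tuscany networks code) that parses NIOS version strings in the form used in this advisory (`major.minor[.patch][rN][-build]`, an assumption about the format) and reports whether a given version is patched or which release the advisory recommends:

```python
import re

# Patched NIOS releases named in the advisory, keyed by release train
# (the train is major.minor plus any "rN" suffix; the trailing "-N" is the build).
PATCHED = {"6.1": "6.1.1", "6.0": "6.0.6", "5.1r4": "5.1r4-3",
           "5.1r3": "5.1r3-9", "4.3r8": "4.3r8-3"}
# Upgrade targets for lines the advisory covers only by recommendation
# (5.1r1/5.1r2/5.0r1 -> 5.1r4-3; older 4.3 builds -> 4.3r8-3).
FALLBACK = {(6, 1): "6.1.1", (6, 0): "6.0.6", (5, 1): "5.1r4-3",
            (5, 0): "5.1r4-3", (4, 3): "4.3r8-3"}

# Assumed version syntax: "6.1.1", "5.1r4-3", "4.3r8-3", "5.1r2" ...
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:r(\d+))?(?:-(\d+))?$")

def parse(version):
    """Turn '5.1r4-3' into a comparable tuple (5, 1, 0, 4, 3)."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NIOS version string: {version!r}")
    return tuple(int(x) if x is not None else 0 for x in m.groups())

def train(version):
    """Release train of a version: '5.1r4-3' -> '5.1r4', '6.1.1' -> '6.1'."""
    major, minor, _patch, r, _build = parse(version)
    return f"{major}.{minor}r{r}" if r else f"{major}.{minor}"

def assess(version):
    """Return ('patched', None) or ('upgrade', recommended_release)."""
    parsed = parse(version)
    fixed = PATCHED.get(train(version))
    if fixed is not None:
        # Same train: patched if at or above the build named in the advisory.
        return ("patched", None) if parsed >= parse(fixed) else ("upgrade", fixed)
    # Train not named as patched: anything at or below 4.3 folds into the 4.3 advice.
    line = parsed[:2] if parsed[:2] > (4, 3) else (4, 3)
    if line in FALLBACK:
        return ("upgrade", FALLBACK[line])
    raise ValueError(f"NIOS line {parsed[0]}.{parsed[1]} is not covered by the advisory")

if __name__ == "__main__":
    # Constructed sample inventory, not real appliances.
    for v in ["6.1.1", "6.0.5", "5.1r4-2", "5.1r3-9", "5.1r2", "4.3r8-3", "4.2r1"]:
        print(v, "->", assess(v))
```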

