BIND Vulnerability (CVE-2011-2464 & CVE-2011-2465)
On July 5, 2011 the Internet Systems Consortium (ISC) announced vulnerabilities in BIND 9, CVE-2011-2464 and CVE-2011-2465. Alcatel-Lucent DNS and Infoblox NIOS are both vulnerable only to CVE-2011-2464. Details of the vulnerabilities, including patch availability, are provided below.
CVE-2011-2464:
A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packet. This defect affects both recursive and authoritative servers. The code location of the defect makes it impossible to protect BIND using ACLs configured within named.conf or by disabling any features at compile-time or run-time.
A remote attacker would need to be able to send a specially crafted packet directly to a server running a vulnerable version of BIND. There is also the potential for an indirect attack via malware that is inadvertently installed and run, where infected machines have direct access to an organization's nameservers.
CVE-2011-2464 affects BIND versions 9.6, 9.7 and 9.8.
VitalQIP
LDNS 5.1 is based on BIND 9.7, and is vulnerable.
LDNS 4.x and 5.0 are not affected by this vulnerability; they are based on earlier versions of BIND that are not susceptible to it.
VitalQIP customers running LDNS 5.1 should download LDNS 5.1 Build 12 to fix this issue.
Infoblox
Affected NIOS versions:
- 6.1.x
- 6.0.x
- 5.1r4-x
- 5.1r3-x
- 5.1r2-x
If you are operating a release listed above, you must upgrade to one of the available patches that address CVE-2011-2464. If you are not running one of the versions listed above, you are not affected by CVE-2011-2464 and do not need to upgrade.
Infoblox has released patches to address CVE-2011-2464. The following NIOS updates should be deployed as soon as possible: 6.1.3, 6.0.7, 5.1r4-4, or 5.1r3-10.
For customers running NIOS 6.1/6.0:
- vNIOS/NIOS 6.1.3 updates all previous versions of vNIOS/NIOS 6.1.x
- vNIOS/NIOS 6.0.7 updates all previous versions of vNIOS/NIOS 6.0.x
For customers running NIOS 5.1/5.0:
- vNIOS/NIOS 5.1r4-4 updates all previous versions of vNIOS/NIOS 5.1r4-x
- vNIOS/NIOS 5.1r3-10 updates all previous versions of vNIOS/NIOS 5.1r3-x
Recommendations:
- Customers operating software versions prior to vNIOS/NIOS 5.1r2-0 are not affected by CVE-2011-2464
- Infoblox recommends all vNIOS/NIOS 6.0/6.1 customers upgrade to vNIOS/NIOS 6.1.3
- Infoblox recommends all vNIOS/NIOS 5.1r2 (and greater) customers upgrade to vNIOS/NIOS 5.1r4-4
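The Infoblox affected-version rules above, encoded as a triage helper for a fleet inventory. This is an added example, not Infoblox or VitalQIP code; the version strings in the sample inventory are constructed, and the parser only accepts the two version shapes the advisory uses (6.x.y and 5.1rN-M).

```python
import re
from typing import NamedTuple, Optional

# Constructed helper, not Infoblox code: encodes the advisory's affected-version rules.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+)|r(\d+)-(\d+))$")

class Triage(NamedTuple):
    version: str
    affected: bool
    fix: Optional[str]  # smallest in-train update that closes CVE-2011-2464

# (major, minor, r-release or None) -> (first fixed build, fix version string)
_FIXED_BUILDS = {
    (6, 1, None): (3, "6.1.3"),
    (6, 0, None): (7, "6.0.7"),
    (5, 1, 4): (4, "5.1r4-4"),
    (5, 1, 3): (10, "5.1r3-10"),
}

def parse_nios_version(text):
    """Return (major, minor, r-release or None, build), or None if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, dot, rrel, rbuild = m.groups()
    if dot is not None:  # dotted form, e.g. 6.1.2
        return int(major), int(minor), None, int(dot)
    return int(major), int(minor), int(rrel), int(rbuild)  # e.g. 5.1r4-3

def triage_cve_2011_2464(text):
    parsed = parse_nios_version(text)
    if parsed is None:
        raise ValueError(f"unrecognised NIOS version: {text!r}")
    major, minor, rrel, build = parsed
    key = (major, minor, rrel)
    if key in _FIXED_BUILDS:
        first_fixed, fix = _FIXED_BUILDS[key]
        vulnerable = build < first_fixed
        return Triage(text, vulnerable, fix if vulnerable else None)
    if key == (5, 1, 2):  # affected, no in-train update: advisory says go to 5.1r4-4
        return Triage(text, True, "5.1r4-4")
    return Triage(text, False, None)  # 5.1r1-x, 5.0.x, unlisted releases: not affected

def triage_inventory(versions):
    """Return only the entries that still need an upgrade."""
    return [t for t in map(triage_cve_2011_2464, versions) if t.affected]

if __name__ == "__main__":  # constructed sample inventory, not real hosts
    for t in triage_inventory(["6.1.2", "6.1.3", "6.0.5", "5.1r3-9", "5.1r2-1", "5.0.3"]):
        print(f"{t.version}: affected by CVE-2011-2464, upgrade to {t.fix}")
```

Note that for 6.0.x the helper reports the in-train fix 6.0.7, while the advisory's preferred target for all 6.0/6.1 customers is 6.1.3.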
CVE-2011-2465:
Two defects were discovered in ISC's BIND 9 code. These defects only affect BIND 9 servers which have recursion enabled and which use a specific feature of the software known as Response Policy Zones (RPZ) and where the RPZ zone contains a specific rule/action pattern.
RPZ is a technology developed by ISC which provides DNS recursive name server operators with a simple way to block certain queries which they wish to or legally must prevent, or to redirect them to an alternate location. RPZ allows a great deal of flexibility and fine-grained selection of resolver policy. For more information, please see https://www.isc.org/software/rpz.
Neither Alcatel-Lucent DNS nor Infoblox NIOS is affected by CVE-2011-2465.

