ID CVE-2014-0591
Summary The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.
References
Vulnerable Configurations
  • cpe:2.3:a:isc:bind:9.6
  • cpe:2.3:a:isc:bind:9.6:r5_p1
  • cpe:2.3:a:isc:bind:9.6:r6_b1
  • cpe:2.3:a:isc:bind:9.6:r6_rc1
  • cpe:2.3:a:isc:bind:9.6:r6_rc2
  • cpe:2.3:a:isc:bind:9.6:r7_p1
  • cpe:2.3:a:isc:bind:9.6:r7_p2
  • cpe:2.3:a:isc:bind:9.6:r9_p1
  • ISC BIND 9.6.0 (cpe:2.3:a:isc:bind:9.6.0)
  • ISC BIND 9.6.0 p1 (cpe:2.3:a:isc:bind:9.6.0:p1)
  • ISC BIND 9.6.0 rc1 (cpe:2.3:a:isc:bind:9.6.0:rc1)
  • ISC BIND 9.6.0 rc2 (cpe:2.3:a:isc:bind:9.6.0:rc2)
  • ISC BIND 9.6.1 (cpe:2.3:a:isc:bind:9.6.1)
  • ISC BIND 9.6.1 P1 (cpe:2.3:a:isc:bind:9.6.1:p1)
  • ISC BIND 9.6.1 P2 (cpe:2.3:a:isc:bind:9.6.1:p2)
  • ISC BIND 9.6.1 P3 (cpe:2.3:a:isc:bind:9.6.1:p3)
  • ISC BIND 9.6.1 Release Candidate 1 (cpe:2.3:a:isc:bind:9.6.1:rc1)
  • ISC BIND 9.6.2 (cpe:2.3:a:isc:bind:9.6.2)
  • ISC BIND 9.6.2 Release Candidate 1 (cpe:2.3:a:isc:bind:9.6.2:rc1)
  • ISC BIND 9.6.3 (cpe:2.3:a:isc:bind:9.6.3)
  • ISC BIND 9.6.3 Release Candidate 1 (cpe:2.3:a:isc:bind:9.6.3:rc1)
  • ISC BIND 9.7.0 (cpe:2.3:a:isc:bind:9.7.0)
  • ISC BIND 9.7.0 Beta 1 (cpe:2.3:a:isc:bind:9.7.0:b1)
  • ISC BIND 9.7.0 p1 (cpe:2.3:a:isc:bind:9.7.0:p1)
  • ISC BIND 9.7.0 p2 (cpe:2.3:a:isc:bind:9.7.0:p2)
  • ISC BIND 9.7.0 Release Candidate 1 (cpe:2.3:a:isc:bind:9.7.0:rc1)
  • ISC BIND 9.7.0 Release Candidate 2 (cpe:2.3:a:isc:bind:9.7.0:rc2)
  • ISC BIND 9.7.1 (cpe:2.3:a:isc:bind:9.7.1)
  • ISC BIND 9.7.1 p1 (cpe:2.3:a:isc:bind:9.7.1:p1)
  • ISC BIND 9.7.1 p2 (cpe:2.3:a:isc:bind:9.7.1:p2)
  • ISC BIND 9.7.1 Release Candidate 1 (cpe:2.3:a:isc:bind:9.7.1:rc1)
  • ISC BIND 9.7.2 (cpe:2.3:a:isc:bind:9.7.2)
  • ISC BIND 9.7.2 P1 (cpe:2.3:a:isc:bind:9.7.2:p1)
  • ISC BIND 9.7.2 P2 (cpe:2.3:a:isc:bind:9.7.2:p2)
  • ISC BIND 9.7.2 P3 (cpe:2.3:a:isc:bind:9.7.2:p3)
  • ISC BIND 9.7.2 Release Candidate 1 (cpe:2.3:a:isc:bind:9.7.2:rc1)
  • ISC BIND 9.7.3 (cpe:2.3:a:isc:bind:9.7.3)
  • ISC BIND 9.7.3 B1 (cpe:2.3:a:isc:bind:9.7.3:b1)
  • ISC BIND 9.7.3 P1 (cpe:2.3:a:isc:bind:9.7.3:p1)
  • ISC BIND 9.7.3 Release Candidate 1 (cpe:2.3:a:isc:bind:9.7.3:rc1)
  • ISC BIND 9.7.4 (cpe:2.3:a:isc:bind:9.7.4)
  • ISC BIND 9.7.4 B1 (cpe:2.3:a:isc:bind:9.7.4:b1)
  • ISC BIND 9.7.4 P1 (cpe:2.3:a:isc:bind:9.7.4:p1)
  • ISC BIND 9.7.4 Release Candidate 1 (cpe:2.3:a:isc:bind:9.7.4:rc1)
  • ISC BIND 9.7.5 (cpe:2.3:a:isc:bind:9.7.5)
  • ISC BIND 9.7.5 B1 (cpe:2.3:a:isc:bind:9.7.5:b1)
  • ISC BIND 9.7.5 Release Candidate 1 (cpe:2.3:a:isc:bind:9.7.5:rc1)
  • ISC BIND 9.7.5 Release Candidate 2 (cpe:2.3:a:isc:bind:9.7.5:rc2)
  • ISC BIND 9.7.6 (cpe:2.3:a:isc:bind:9.7.6)
  • ISC BIND 9.7.6-p1 (cpe:2.3:a:isc:bind:9.7.6:p1)
  • ISC BIND 9.7.6-p2 (cpe:2.3:a:isc:bind:9.7.6:p2)
  • ISC BIND 9.7.7 (cpe:2.3:a:isc:bind:9.7.7)
  • ISC BIND 9.8.0 (cpe:2.3:a:isc:bind:9.8.0)
  • ISC BIND 9.8.0 A1 (cpe:2.3:a:isc:bind:9.8.0:a1)
  • ISC BIND 9.8.0 B1 (cpe:2.3:a:isc:bind:9.8.0:b1)
  • ISC BIND 9.8.0 P1 (cpe:2.3:a:isc:bind:9.8.0:p1)
  • ISC BIND 9.8.0 P2 (cpe:2.3:a:isc:bind:9.8.0:p2)
  • ISC BIND 9.8.0-P4 (cpe:2.3:a:isc:bind:9.8.0:p4)
  • ISC BIND 9.8.0 Release Candidate 1 (cpe:2.3:a:isc:bind:9.8.0:rc1)
  • ISC BIND 9.8.1 (cpe:2.3:a:isc:bind:9.8.1)
  • ISC BIND 9.8.1 B1 (cpe:2.3:a:isc:bind:9.8.1:b1)
  • ISC BIND 9.8.1 B2 (cpe:2.3:a:isc:bind:9.8.1:b2)
  • ISC BIND 9.8.1 B3 (cpe:2.3:a:isc:bind:9.8.1:b3)
  • ISC BIND 9.8.1-P1 (cpe:2.3:a:isc:bind:9.8.1:p1)
  • ISC BIND 9.8.1 Release Candidate 1 (cpe:2.3:a:isc:bind:9.8.1:rc1)
  • ISC BIND 9.8.2 B1 (cpe:2.3:a:isc:bind:9.8.2:b1)
  • ISC BIND 9.8.2 Release Candidate 1 (cpe:2.3:a:isc:bind:9.8.2:rc1)
  • ISC BIND 9.8.2 Release Candidate 2 (cpe:2.3:a:isc:bind:9.8.2:rc2)
  • ISC BIND 9.8.3 (cpe:2.3:a:isc:bind:9.8.3)
  • ISC BIND 9.8.3-p1 (cpe:2.3:a:isc:bind:9.8.3:p1)
  • ISC BIND 9.8.3-p2 (cpe:2.3:a:isc:bind:9.8.3:p2)
  • ISC BIND 9.8.4 (cpe:2.3:a:isc:bind:9.8.4)
  • ISC BIND 9.8.5 (cpe:2.3:a:isc:bind:9.8.5)
  • ISC BIND 9.8.5 b1 (cpe:2.3:a:isc:bind:9.8.5:b1)
  • ISC BIND 9.8.5 b2 (cpe:2.3:a:isc:bind:9.8.5:b2)
  • ISC BIND 9.8.5 P1 (cpe:2.3:a:isc:bind:9.8.5:p1)
  • ISC BIND 9.8.5 P2 (cpe:2.3:a:isc:bind:9.8.5:p2)
  • ISC BIND 9.8.5 release candidate 1 (cpe:2.3:a:isc:bind:9.8.5:rc1)
  • ISC BIND 9.8.5 release candidate 2 (cpe:2.3:a:isc:bind:9.8.5:rc2)
  • cpe:2.3:a:isc:bind:9.8.6
  • ISC BIND 9.8.6b1 (cpe:2.3:a:isc:bind:9.8.6:b1)
  • cpe:2.3:a:isc:bind:9.8.6:p1
  • ISC BIND 9.8.6 release candidate 1 (cpe:2.3:a:isc:bind:9.8.6:rc1)
  • ISC BIND 9.8.6 release candidate 2 (cpe:2.3:a:isc:bind:9.8.6:rc2)
  • cpe:2.3:a:isc:bind:9.9.4
  • cpe:2.3:a:isc:bind:9.9.4:p1
  • cpe:2.3:a:isc:bind:9.9.4:rc1
  • cpe:2.3:a:isc:bind:9.9.4:rc2
CVSS
Base: 2.6 (as of 14-01-2014 - 13:15)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
  Vector: NETWORK
  Complexity: HIGH
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
nessus via4
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2014-175-01.NASL
    description New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 76204
    published 2014-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76204
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bind (SSA:2014-175-01)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140916_BIND97_ON_SL5_X.NASL
    description A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash. (CVE-2014-0591) Note: The CVE-2014-0591 issue does not directly affect the version of bind97 shipped in Scientific Linux 5. This issue is being addressed however to assure it is not introduced in future builds of bind97 (possibly built with a different compiler or C library optimization). This update also fixes the following bug : - Previously, the bind97 initscript did not check for the existence of the ROOTDIR variable when shutting down the named daemon. As a consequence, some parts of the file system that are mounted when using bind97 in a chroot environment were unmounted on daemon shut down, even if bind97 was not running in a chroot environment. With this update, the initscript has been fixed to check for the existence of the ROOTDIR variable when unmounting some parts of the file system on named daemon shut down. Now, when shutting down bind97 that is not running in a chroot environment, no parts of the file system are unmounted. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 78416
    published 2014-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78416
    title Scientific Linux Security Update : bind97 on SL5.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-0811.NASL
    description Fixed CVE-2014-0591. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 72014
    published 2014-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72014
    title Fedora 20 : bind-9.9.4-11.P2.fc20 (2014-0811)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_BIND-140127.NASL
    description This update fixes a DoS vulnerability in bind when handling malformed NSEC3-signed zones. CVE-2014-0591 has been assigned to this issue.
    last seen 2019-02-21
    modified 2014-12-14
    plugin id 72241
    published 2014-02-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72241
    title SuSE 11.2 / 11.3 Security Update : bind (SAT Patch Numbers 8834 / 8835)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1244.NASL
    description Updated bind97 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. It contains a DNS server (named), a resolver library with routines for applications to use when interfacing with DNS, and tools for verifying that the DNS server is operating correctly. These packages contain version 9.7 of the BIND suite. A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash. (CVE-2014-0591) Note: The CVE-2014-0591 issue does not directly affect the version of bind97 shipped in Red Hat Enterprise Linux 5. This issue is being addressed however to assure it is not introduced in future builds of bind97 (possibly built with a different compiler or C library optimization). This update also fixes the following bug : * Previously, the bind97 initscript did not check for the existence of the ROOTDIR variable when shutting down the named daemon. As a consequence, some parts of the file system that are mounted when using bind97 in a chroot environment were unmounted on daemon shut down, even if bind97 was not running in a chroot environment. With this update, the initscript has been fixed to check for the existence of the ROOTDIR variable when unmounting some parts of the file system on named daemon shut down. Now, when shutting down bind97 that is not running in a chroot environment, no parts of the file system are unmounted. (BZ#1059118) All bind97 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-13
    plugin id 77697
    published 2014-09-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77697
    title RHEL 5 : bind97 (RHSA-2014:1244)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_CB252F017C4311E3B0A6005056A37F68.NASL
    description ISC reports : Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an 'INSIST' failure in name.c when processing queries possessing certain properties. By exploiting this defect an attacker deliberately constructing a query with the right properties could achieve denial of service against an authoritative nameserver serving NSEC3-signed zones.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 71935
    published 2014-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71935
    title FreeBSD : bind -- denial of service vulnerability (cb252f01-7c43-11e3-b0a6-005056a37f68)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-110.NASL
    description - Update to version 9.9.4P2 - Fixes named crash when handling malformed NSEC3-signed zones (CVE-2014-0591, bnc#858639) - Obsoletes workaround-compile-problem.diff - Replace rpz2+rl-9.9.3-P1.patch by rpz2-9.9.4.patch, rl is now supported upstream (--enable-rrl).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75248
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75248
    title openSUSE Security Update : bind (openSUSE-SU-2014:0199-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SERVER_4_0.NASL
    description The remote Mac OS X host has a version of OS X Server installed that is prior to version 4.0. It is, therefore, affected by the following vulnerabilities : - There are multiple vulnerabilities within the included BIND, the most serious of which can lead to a denial of service. (CVE-2013-3919, CVE-2013-4854, CVE-2014-0591) - There are multiple vulnerabilities within the included LibYAML for the Profile Manager and ServerRuby, the most serious of which can lead to arbitrary code execution. (CVE-2013-4164, CVE-2013-6393) - There are multiple vulnerabilities within the included PostgreSQL, the most serious of which can lead to arbitrary code execution. (CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066) - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue. (CVE-2014-3566) - A cross-site scripting flaw exists in the Xcode Server due to not properly validating input before returning it to the user. This can allow a remote attacker, using a specially crafted request, to execute code within the browser / server trust relationship. (CVE-2014-4406) - A SQL injection flaw exists in the Wiki Server due to not properly sanitizing user input before using it in SQL queries. This can allow a remote attacker, using a specially crafted request, to inject or manipulate SQL queries, thus allowing the manipulation or disclosure of arbitrary data. (CVE-2014-4424) - A restriction bypass flaw exists in the Mail Server due to SCAL changes being cached and not enforced until the service had restarted. This can allow an authenticated remote attacker to bypass those restrictions. (CVE-2014-4446) - A password disclosure flaw exists in the Profile Manager due to passwords being potentially saved to a file when editing or setting up a profile. This can allow a local attacker to gain access to password information. (CVE-2014-4447)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 78601
    published 2014-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78601
    title Mac OS X : OS X Server < 4.0 Multiple Vulnerabilities (POODLE)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119784.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. This plugin has been deprecated and either replaced with individual 119784 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 25542
    published 2007-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25542
    title Solaris 10 (x86) : 119784-40 (deprecated)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201401-34.NASL
    description The remote host is affected by the vulnerability described in GLSA-201401-34 (BIND: Denial of Service) Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 72208
    published 2014-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72208
    title GLSA-201401-34 : BIND: Denial of Service
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0084.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2014-8500 (#1171973) - Use /dev/urandom when generating rndc.key file (#951255) - Remove bogus file from /usr/share/doc, introduced by fix for bug #1092035 - Add support for TLSA resource records (#956685) - Increase defaults for lwresd workers and make workers and client objects number configurable (#1092035) - Fix segmentation fault in nsupdate when -r option is used (#1064045) - Fix race condition on send buffer in host tool when sending UDP query (#1008827) - Allow authentication using TSIG in allow-notify configuration statement (#1044545) - Fix SELinux context of /var/named/chroot/etc/localtime (#902431) - Include updated named.ca file with root server addresses (#917356) - Don't generate rndc.key if there is rndc.conf on start-up (#997743) - Fix dig man page regarding how to disable IDN (#1023045) - Handle ICMP Destination unreachable (Protocol unreachable) response (#1066876) - Configure BIND with --with-dlopen=yes to support dynamically loadable DLZ drivers (#846065) - Fix initscript to return correct exit value when calling checkconfig/configtest/check/test (#848033) - Don't (un)mount chroot filesystem when running initscript command configtest with running server (#851123) - Fix zone2sqlite tool to accept zones containing '.' or '-' or starting with a digit (#919414) - Fix initscript not to mount chroot filesystem if named is already running (#948743) - Fix initscript to check if the PID in PID-file is really a PID of running named server (#980632) - Correct the installed documentation ownership (#1051283) - configure with --enable-filter-aaaa to enable use of filter-aaaa-on-v4 option (#1025008) - Fix race condition when destroying a resolver fetch object (#993612) - Fix the RRL functionality to include referrals-per-second and nodata-per-second options (#1036700) - Fix segfault on SERVFAIL to NXDOMAIN failover (#919545) - Fix (CVE-2014-0591) - Fix gssapictx memory leak (#911167) - fix (CVE-2013-4854) - fix (CVE-2013-2266) - ship dns/rrl.h in -devel subpkg - remove one bogus file from /usr/share/doc, introduced by RRL patch - fix (CVE-2012-5689) - add response rate limit patch (#873624)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 80247
    published 2014-12-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80247
    title OracleVM 3.3 : bind (OVMSA-2014-0084)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119783.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. This plugin has been deprecated and either replaced with individual 119783 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 25541
    published 2007-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25541
    title Solaris 10 (sparc) : 119783-40 (deprecated)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2081-1.NASL
    description Jared Mauch discovered that Bind incorrectly handled certain queries for NSEC3-signed zones. A remote attacker could use this flaw with a specially crafted query to cause Bind to stop responding, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 71939
    published 2014-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71939
    title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : bind9 vulnerability (USN-2081-1)
  • NASL family DNS
    NASL id BIND9_994_P2.NASL
    description According to its self-reported version number, the remote installation of BIND is affected by a denial of service vulnerability. This issue exists due to the handling of queries for NSEC3-signed zones related to the memcpy() function in the 'name.c' file on authoritative nameservers. Note that Nessus has only relied on the version itself and has not attempted to determine whether or not the install is actually affected.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 71940
    published 2014-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71940
    title ISC BIND 9 NSEC3-Signed Zone Handling DoS
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-287.NASL
    description A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash. (CVE-2014-0591)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 72305
    published 2014-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72305
    title Amazon Linux AMI : bind (ALAS-2014-287)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-0858.NASL
    description Fixed CVE-2014-0591. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 72015
    published 2014-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72015
    title Fedora 19 : bind-9.9.3-14.P2.fc19 (2014-0858)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-0043.NASL
    description Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash. (CVE-2014-0591) All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 72044
    published 2014-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72044
    title CentOS 6 : bind (CESA-2014:0043)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-48.NASL
    description Fix denial of service attack when processing NSEC3-signed zone queries, fixed by not calling memcpy with overlapping ranges in bin/named/query.c. - patch backported from 9.8.6-P2 by Marc Deslauriers from the Ubuntu Security team for USN-2081-1. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 82195
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82195
    title Debian DLA-48-1 : bind9 security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3023.NASL
    description Jared Mauch reported a denial of service flaw in the way BIND, a DNS server, handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77637
    published 2014-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77637
    title Debian DSA-3023-1 : bind9 - security update
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-002.NASL
    description A vulnerability has been discovered and corrected in ISC BIND : The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature (CVE-2014-0591). The updated packages for Enterprise Server 5 have been patched to correct this issue. The updated packages for Business Server 1 have been upgraded to the 9.9.4-P2 version which is unaffected by this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 72018
    published 2014-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72018
    title Mandriva Linux Security Advisory : bind (MDVSA-2014:002)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0043.NASL
    description Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash. (CVE-2014-0591) All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 72059
    published 2014-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72059
    title RHEL 6 : bind (RHSA-2014:0043)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1244.NASL
    description Updated bind97 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. It contains a DNS server (named), a resolver library with routines for applications to use when interfacing with DNS, and tools for verifying that the DNS server is operating correctly. These packages contain version 9.7 of the BIND suite. A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash. (CVE-2014-0591) Note: The CVE-2014-0591 issue does not directly affect the version of bind97 shipped in Red Hat Enterprise Linux 5. This issue is being addressed however to assure it is not introduced in future builds of bind97 (possibly built with a different compiler or C library optimization). This update also fixes the following bug: * Previously, the bind97 initscript did not check for the existence of the ROOTDIR variable when shutting down the named daemon. As a consequence, some parts of the file system that are mounted when using bind97 in a chroot environment were unmounted on daemon shut down, even if bind97 was not running in a chroot environment. With this update, the initscript has been fixed to check for the existence of the ROOTDIR variable when unmounting some parts of the file system on named daemon shut down. Now, when shutting down bind97 that is not running in a chroot environment, no parts of the file system are unmounted. (BZ#1059118) All bind97 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77991
    published 2014-10-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77991
    title CentOS 5 : bind97 (CESA-2014:1244)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0066.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 99569
    published 2017-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99569
    title OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1244.NASL
    description From Red Hat Security Advisory 2014:1244 : Updated bind97 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. It contains a DNS server (named), a resolver library with routines for applications to use when interfacing with DNS, and tools for verifying that the DNS server is operating correctly. These packages contain version 9.7 of the BIND suite. A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash. (CVE-2014-0591) Note: The CVE-2014-0591 issue does not directly affect the version of bind97 shipped in Red Hat Enterprise Linux 5. This issue is being addressed however to assure it is not introduced in future builds of bind97 (possibly built with a different compiler or C library optimization). This update also fixes the following bug: * Previously, the bind97 initscript did not check for the existence of the ROOTDIR variable when shutting down the named daemon. As a consequence, some parts of the file system that are mounted when using bind97 in a chroot environment were unmounted on daemon shut down, even if bind97 was not running in a chroot environment. With this update, the initscript has been fixed to check for the existence of the ROOTDIR variable when unmounting some parts of the file system on named daemon shut down. Now, when shutting down bind97 that is not running in a chroot environment, no parts of the file system are unmounted. (BZ#1059118) All bind97 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 77737
    published 2014-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77737
    title Oracle Linux 5 : bind97 (ELSA-2014-1244)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2014-028-01.NASL
    description New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 72187
    published 2014-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72187
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bind (SSA:2014-028-01)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140120_BIND_ON_SL6_X.NASL
    description A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash. (CVE-2014-0591) After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 72084
    published 2014-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72084
    title Scientific Linux Security Update : bind on SL6.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-0043.NASL
    description From Red Hat Security Advisory 2014:0043 : Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash. (CVE-2014-0591) All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 72057
    published 2014-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72057
    title Oracle Linux 6 : bind (ELSA-2014-0043)
redhat via4
advisories
  • bugzilla
    id 1051717
    title CVE-2014-0591 bind: named crash when handling malformed NSEC3-signed zones
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment bind is earlier than 32:9.8.2-0.23.rc1.el6_5.1
          oval oval:com.redhat.rhsa:tst:20140043005
        • comment bind is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975006
      • AND
        • comment bind-chroot is earlier than 32:9.8.2-0.23.rc1.el6_5.1
          oval oval:com.redhat.rhsa:tst:20140043011
        • comment bind-chroot is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975012
      • AND
        • comment bind-devel is earlier than 32:9.8.2-0.23.rc1.el6_5.1
          oval oval:com.redhat.rhsa:tst:20140043009
        • comment bind-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975010
      • AND
        • comment bind-libs is earlier than 32:9.8.2-0.23.rc1.el6_5.1
          oval oval:com.redhat.rhsa:tst:20140043007
        • comment bind-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975016
      • AND
        • comment bind-sdb is earlier than 32:9.8.2-0.23.rc1.el6_5.1
          oval oval:com.redhat.rhsa:tst:20140043015
        • comment bind-sdb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975014
      • AND
        • comment bind-utils is earlier than 32:9.8.2-0.23.rc1.el6_5.1
          oval oval:com.redhat.rhsa:tst:20140043013
        • comment bind-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975008
    rhsa
    id RHSA-2014:0043
    released 2014-01-20
    severity Moderate
    title RHSA-2014:0043: bind security update (Moderate)
  • bugzilla
    id 1051717
    title CVE-2014-0591 bind: named crash when handling malformed NSEC3-signed zones
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment bind97 is earlier than 32:9.7.0-21.P2.el5
          oval oval:com.redhat.rhsa:tst:20141244002
        • comment bind97 is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110845003
      • AND
        • comment bind97-chroot is earlier than 32:9.7.0-21.P2.el5
          oval oval:com.redhat.rhsa:tst:20141244008
        • comment bind97-chroot is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110845005
      • AND
        • comment bind97-devel is earlier than 32:9.7.0-21.P2.el5
          oval oval:com.redhat.rhsa:tst:20141244010
        • comment bind97-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110845007
      • AND
        • comment bind97-libs is earlier than 32:9.7.0-21.P2.el5
          oval oval:com.redhat.rhsa:tst:20141244004
        • comment bind97-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110845009
      • AND
        • comment bind97-utils is earlier than 32:9.7.0-21.P2.el5
          oval oval:com.redhat.rhsa:tst:20141244006
        • comment bind97-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110845011
    rhsa
    id RHSA-2014:1244
    released 2014-09-16
    severity Moderate
    title RHSA-2014:1244: bind97 security and bug fix update (Moderate)
rpms
  • bind-32:9.8.2-0.23.rc1.el6_5.1
  • bind-chroot-32:9.8.2-0.23.rc1.el6_5.1
  • bind-devel-32:9.8.2-0.23.rc1.el6_5.1
  • bind-libs-32:9.8.2-0.23.rc1.el6_5.1
  • bind-sdb-32:9.8.2-0.23.rc1.el6_5.1
  • bind-utils-32:9.8.2-0.23.rc1.el6_5.1
  • bind97-32:9.7.0-21.P2.el5
  • bind97-chroot-32:9.7.0-21.P2.el5
  • bind97-devel-32:9.7.0-21.P2.el5
  • bind97-libs-32:9.7.0-21.P2.el5
  • bind97-utils-32:9.7.0-21.P2.el5
refmap via4
apple APPLE-SA-2014-10-16-3
bid 64801
confirm
debian DSA-3023
fedora
  • FEDORA-2014-0811
  • FEDORA-2014-0858
freebsd FreeBSD-SA-14:04
hp
  • HPSBUX02961
  • SSRT101420
mandriva MDVSA-2014:002
osvdb 101973
sectrack 1029589
secunia
  • 56425
  • 56427
  • 56442
  • 56493
  • 56522
  • 56574
  • 56871
  • 61117
  • 61199
  • 61343
slackware
  • SSA:2014-028-01
  • SSA:2014-175-01
suse
  • SUSE-SU-2015:0480
  • openSUSE-SU-2014:0199
  • openSUSE-SU-2014:0202
ubuntu USN-2081-1
Last major update 06-01-2017 - 21:59
Published 13-01-2014 - 23:29
Last modified 30-10-2018 - 12:27