vulnerability alert CVE-2012-1667
BIND: denial of service via rdata null
Synthesis of the vulnerability
An attacker can use a zone containing an empty record, in order to stop a recursive DNS server, or to obtain fragments of its memory.Impacted products:
Debian, BIG-IP Appliance, Fedora, FreeBSD, HP-UX, AIX, BIND, MES, Mandriva Linux, McAfee Email and Web Security, NLD, OpenBSD, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, ESX.
BID-53772, c03388901, c03526327, CERTA-2012-AVI-305, CERTA-2012-AVI-305-001, CERTA-2012-AVI-348, CERTA-2012-AVI-364, CERTA-2012-AVI-601, CERTA-2012-AVI-663, CVE-2012-1667, DSA 2486-1, ESX410-201211001, ESX410-201211401-SG, ESX410-201211402-SG, ESX410-201211405-SG, ESX410-201211407-SG, FEDORA-2012-8946, FEDORA-2012-8962, FEDORA-2012-8968, FreeBSD-SA-12:03.bind, HPSBUX02795, HPSBUX02823, IV22554, IV22555, IV22556, IV22557, IV22625, MDVSA-2012:089, openSUSE-SU-2012:0722-1, openSUSE-SU-2013:0605-1, RHSA-2012:0716-01, RHSA-2012:0717-01, RHSA-2012:1110-01, sol13175, SOL13660, SSA:2012-166-01, SSA:2012-341-01, SSRT100878, SSRT100976, SUSE-SU-2012:0741-1, SUSE-SU-2012:0741-2, SUSE-SU-2012:0741-3, SUSE-SU-2012:0741-4, SUSE-SU-2012:0741-5, SUSE-SU-2012:0741-6, VIGILANCE-VUL-11671, VMSA-2012-0016, VU#381699.
Description of the vulnerability
A DNS record contains data (rdata, Record Data), such as a server name or an IP address.
These data can have an empty size. However, BIND processes this case with a NULL pointer, which is handled in a special way. BIND then tries to read data at an invalid memory address. This leads to a stop or to the disclosure of a memory area.
This case occurs when BIND is configured as a recursive server, and queries the attacker's server containing an empty record. This case also occurs when an authoritative server contains an empty record, so secondary servers can memorize an invalid value in their cache.
An attacker can therefore use a zone containing an empty record, in order to stop a recursive DNS server, or to obtain fragments of its memory.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides computers vulnerabilities alerts
. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.