VU#542123: ISC BIND 9 resolver cache vulnerability

Vulnerability Note VU#542123




Overview

The ISC BIND 9 resolver contains a vulnerability that could allow an attacker to keep a domain name in the cache even after it has been deleted from registration.

I. Description

According to ISC:

ISC has been notified by Haixin Duan (a professor at Tsinghua University in Beijing, China, who is currently visiting the International Computer Science Institute (ICSI) at the University of California, Berkeley) about a DNS resolver vulnerability. This vulnerability allows a miscreant to keep a domain name in the cache even after it has been deleted from registration. ISC is evaluating the risk of this vulnerability, but the published paper shows how this was done live across the Internet. It lists several DNS implementations and open resolver deployments as vulnerable.

The exploit was presented at the NDSS conference: “Ghost Domain Names: Revoked Yet Still Resolvable”

II. Impact

A remote, unauthenticated attacker can cause the BIND 9 resolver to keep a domain name in the cache even after it has been deleted from registration.

III. Solution

We are currently unaware of a practical solution to this problem.

Vendor Information




Vendor | Status | Date Notified | Date Updated
Internet Systems Consortium | Affected | 2012-02-08

References

https://www.isc.org/software/bind/advisories/cve-2012-1033
http://www.internetsociety.org/events/ndss-symposium-2012/symposium-program/feb08

Credit


The Internet Systems Consortium thanks the following people for reporting this vulnerability:
Jian Jiang, Network Research Center, Tsinghua University
Haixin Duan, Network Research Center, Tsinghua University
Jianping Wu, Network Research Center, Tsinghua University
Kang Li, Department of Computer Science, University of Georgia
Jun Li, University of Oregon Carlos III University of Madrid, Institute IMDEA Networks
Jinjin Liang, Network Research Center, Tsinghua University
Nicholas Weaver, International Computer Science Institute (ICSI)

This document was written by Michael Orlando.

Other Information










Date Public: 2012-02-07
Date First Published: 2012-02-08
Date Last Updated: 2012-02-08
CERT Advisory:
CVE-ID(s): CVE-2012-1033
NVD-ID(s): CVE-2012-1033
US-CERT Technical Alerts:
Severity Metric: 19.89
Document Revision: 7
