Note: This is an archival copy of Security Sun Alert 264828 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020788.1.
Category: Security
Release Phase: Resolved
6865903
Date of Workaround Release: 29-Jul-2009
Date of Resolved Release: 05-Aug-2009

A Security Vulnerability in Solaris BIND named(1M) Due to Insufficient Input Validation of Dynamic Update Requests Can Lead to Denial of Service (DoS)

1. Impact

An insufficient input validation vulnerability in the Solaris named(1M) daemon (part of the BIND 9 ISC distribution) may allow a remote unprivileged user to send a specially crafted dynamic update packet and crash the named(1M) daemon, which is a type of Denial of Service (DoS).

This issue is also referenced in the following documents:

US CERT VU#725188 at http://www.kb.cert.org/vuls/id/725188
CVE-2009-0696 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696
ISC Security Advisory "BIND Dynamic Update DoS" at https://www.isc.org/node/474

2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform
1. Solaris 8 entered EOSL Phase 2 on 1 April 2009. Entitlement to patches developed on or after 1 April 2009 requires the purchase of the Solaris 8 Vintage Patch Service. See note in section 5 for more details.

2. This issue only affects systems configured as Domain Name System (DNS) servers. A system is configured to be a DNS server if the configuration file "/etc/named.conf" exists (see named.conf(4)) and the named(1M) daemon is running on the system. To determine if named(1M) is running on a system, the following command can be used:

    $ pgrep named || echo "named is not running"

3. This issue affects servers configured as a primary server serving one or more zones with configured type "master". Such servers will have zone entries in '/etc/named.conf' similar to the following:

    zone "cities.zn" {
        type master;
        file "db.cities.zn";
    };
    zone "0.in-addr.arpa" {
        type master;
        file "db.127.cities.zn";
    };

3. Symptoms

If this issue has occurred, the named(1M) daemon will no longer be running on the DNS server and, depending on the system-wide coreadm(1M) settings, a core file may also be generated.

4. Workaround

Note that although this issue was introduced into Solaris 8 and 9 by installing patches which allowed the server to move from BIND 8 to BIND 9, it is NOT advisable to remove those patches to avoid the issue described in this Sun Alert. This is because there are several outstanding issues with BIND 8. All systems should now have moved from BIND 8 to BIND 9.

5. Resolution

This issue is addressed in the following releases:

SPARC Platform
For more information on Security Sun Alerts, see 1009886.1.

This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.

This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.

Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.

Modification History
30-Jul-2009: Updated Contributing Factors section
31-Jul-2009: Updated Workaround section for T-Patches
05-Aug-2009: Updated Contributing Factors and Resolution sections; Resolved

Product
Solaris 10 Operating System
Solaris 9 Operating System
Solaris 8 Operating System
OpenSolaris

References
112837-20 114265-19 109326-25 109327-25 119783-12 119784-12

Attachments
This solution has no attachment
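The checks listed under Contributing Factors (configuration file present, named(1M) running, at least one zone of type "master"), combined into one script as an added example that is not part of the original Sun Alert. The function names and every sample entry other than the alert's two zones are constructed; the parser assumes no /* */ comments and does not follow include files.

```shell
#!/bin/sh
# Added example (not from the Sun Alert). Needs a POSIX shell; on Solaris 8-10
# run it with ksh or /usr/xpg4/bin/sh rather than the legacy /bin/sh.

# Print each zone declared "type master" in a named.conf-style file. Handles
# // and # comments, nested { } blocks and zones inside view { } blocks.
# Assumption: no /* */ comments; include files are not followed.
master_zones() {
    sed -e 's://.*$::' -e 's:#.*$::' -e 's/[{};]/ & /g' "$1" |
    tr -s ' \t' '\n\n' |
    awk '
        want_name { name = $0; gsub(/"/, "", name); inzone = 1
                    zdepth = depth + 1; want_name = 0; next }
        want_type { if ($0 == "master") print name; want_type = 0; next }
        $0 == "{" { depth++; next }
        $0 == "}" { depth--; if (inzone && depth < zdepth) inzone = 0; next }
        $0 == "zone" && !inzone { want_name = 1; next }
        $0 == "type" && inzone && depth == zdepth { want_type = 1 }
    '
}

# Same test the alert gives, with -x for an exact process-name match.
named_running() { pgrep -x named >/dev/null 2>&1; }

# Apply the three contributing-factor checks to one configuration file.
exposure_report() {
    conf=${1:-/etc/named.conf}
    [ -f "$conf" ] || { echo "$conf missing: not a DNS server"; return 0; }
    zones=$(master_zones "$conf")
    [ -n "$zones" ] || { echo "no zones of type master in $conf"; return 0; }
    if named_running; then echo "named is running"; else echo "named is not running"; fi
    echo "zones of type master in $conf:" $zones
}

# Constructed sample: the alert's two zones plus entries that must not match.
sample=$(mktemp)
cat > "$sample" <<'EOF'
zone "cities.zn" {
    type master;              // first zone from the alert
    file "db.cities.zn";
    allow-update { 127.0.0.1; };
};
zone "0.in-addr.arpa" { type master; file "db.127.cities.zn"; };
zone "." { type hint; file "named.ca"; };
zone "mirror.zn" { type slave; masters { 192.0.2.1; }; file "db.mirror"; };
# zone "old.zn" { type master; file "db.old"; };
EOF
exposure_report "$sample"
```

Called with no argument, exposure_report reads /etc/named.conf.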