Check Point Advisories

BIND 9 DNS Server Dynamic Update Denial of Service - High Confidnce

Vulnerability
Protection

Check Point Reference:	CPAI-2013-1652
Date Published:	9 Apr 2013
Severity:	Critical
Last Updated:	Thursday 18 April, 2024
Source:
Protection Provided by:	Security Gateway R75
Who is Vulnerable?	ISC BIND 9.4.x prior to 9.4.3-P3 ISC BIND 9.5.x prior to 9.5.1-P3 ISC BIND 9.6.x prior to 9.6.1-P1 ISC BIND 9.x prior to 9.4
Vulnerability Description	ISC BIND 9 contains a vulnerability that may allow a remote attacker to create a denial-of-service condition. The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC). It includes support for dynamic DNS updates. BIND 9 can crash when processing a specially-crafted dynamic update packet. By sending a specially-crafted dynamic update packet to a BIND 9 server, a remote, unauthenticated attacker can cause a denial of service by causing BIND to crash. ISC notes that the vulnerability affects all servers that are masters for one or more zones (launching the attack against slave zones does not trigger the vulnerability) and is not limited to those that are configured to allow dynamic updates.

Protection Overview

This protection will detect and block DNS update requests for RR of type ANY.

In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.

Security Gateway R75 / R71 / R70

In the IPS tab, click Protections and find the BIND 9 DNS Server Dynamic Update Denial of Service - High Confidnce protection using the Search tool and Edit the protection's settings.
Install policy on all modules.

SmartView Tracker will log the following entries:
Attack Name: DNS Enforcement Violation
Attack Information: BIND 9 DNS Server Dynamic Update Denial of Service - High Confidnce