{"vuid":"VU#739123","idnumber":"739123","name":"ISC BIND 9 fails to process additional data chains in responses correctly thereby causing the server to fail an internal consistency check","keywords":["ISC","BIND","name server","named","DoS","denial of service additional data chains","internal consistency check"],"overview":"A denial-of-service vulnerability exists in version 9 of the Internet Software Consortium's (ISC) Berkeley Internet Name Domain (BIND) server. ISC BIND versions 8 and 4 are not affected. Exploiting this vulnerability will cause vulnerable BIND servers to shut down.","clean_desc":"BIND is an implementation of the Domain Name System (DNS) that is maintained by the ISC. A vulnerability in Version 9 of BIND exists which may result in the deliberate shutdown of vulnerable BIND servers by arbitrary remote attackers. The shutdown can be caused by a specific DNS packet designed to create an improperly-handled error condition. Because the error condition is correctly detected but is not handled properly, this vulnerability will not allow an intruder to execute arbitrary code or write data to arbitrary locations in memory. The error condition that triggers the shutdown occurs when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL as expected. The condition causes the code to assert an error message and call abort() to shutdown the BIND server.","impact":"Exploitation of this vulnerability will cause the vulnerable BIND server to abort and shut down. As a result, the BIND server will not be available unless restarted.","resolution":"Apply a patch from your vendor or upgrade to BIND 9.2.1. BIND 9.2.1 is available from http://www.isc.org/products/BIND/bind9.html.","workarounds":"","sysaffected":"","thanks":"The CERT/CC thanks the \nInternet Software Consortium (ISC)\n for reporting this vulnerability to us.","author":"This document was written by Ian A. Finlay.","public":["http://www.isc.org/products/BIND/bind9.html","ftp://ftp.isc.org/isc/bind9/9.2.1/bind-9.2.1.tar.gz","ftp://ftp.isc.org/isc/bind9/9.2.1/bind-9.2.1.tar.gz.asc","ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.2.1/BIND9.2.1.zip","ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.2.1/BIND9.2.1.zip.asc","http://www.securityfocus.com/bid/4936"],"cveids":["CVE-2002-0400"],"certadvisory":"CA-2002-15","uscerttechnicalalert":null,"datecreated":"2002-05-30T13:22:53Z","publicdate":"2001-05-04T00:00:00Z","datefirstpublished":"2002-06-04T20:19:54Z","dateupdated":"2002-09-18T14:42:14Z","revision":57,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"5","cam_exploitation":"10","cam_internetinfrastructure":"19","cam_population":"20","cam_impact":"8","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"40.8","cam_scorecurrentwidelyknown":"58.8","cam_scorecurrentwidelyknownexploited":"70.8","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":40.8,"vulnote":null}