IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

Advisory 02-004.1

ISC BIND 9 DoS Vulnerability
June 05, 2002

The CERT Coordination Center (CERT/CC) has issued an advisory on a new vulnerability in the Internet Software Consortium's (ISC) Berkeley Internet Name Domain (BIND). The vulnerability is in version 9 to 9.2 and not in versions 4 or 8. Exploitation of this vulnerability will cause vulnerable BIND server(s) to abort and shut down. After this shutdown, the daemon must be manually restarted. This shut down could cause a Denial-of-Service (DOS) effect on other related services that depend on the proper operation of Domain Name System (DNS). Due to the ease of exploiting this vulnerability, the National Infrastructure Protection Center (NIPC) strongly urges the community to take recommended actions to patch or upgrade their version of BIND.


BIND is an implementation of the DNS that is maintained by the ISC. The error condition that triggers the shutdown occurs when the rdataset parameter to the dns_message_findtype function in message.c is not "NULL" as expected. The condition causes the code to issue an error message and system request to shutdown the BIND server. See CERT/CC for more detailed information on the vulnerability at: http://www.cert.org/advisories.

Recommended Actions:

The NIPC strongly urges the community to take recommended actions to either apply patches from their vendors or upgrade their version of BIND 9 to version 9.2.1. For mitigation strategies, as well as up-to-date vendor information please refer to the BIND page, found here: http://www.isc.org/products/BIND/ . The CERT/CC webpage has provided an appendix to its Advisory that contains information provided by the vendors (http://www.cert.org/advisories/).

The NIPC encourages recipients of this alert to report computer intrusions to their local FBI office (http://www.fbi.gov/contact/fo/fo.htm) or the NIPC, and to other appropriate authorities. Recipients may report incidents online at http://www.nipc.gov/incident/cirr.htm, and can reach the NIPC Watch and Warning Unit at (202) 323-3205, 1-888-585-9078 or nipc.watch@fbi.gov.