{"vuid":"VU#734644","idnumber":"734644","name":"ISC BIND 8 vulnerable to cache poisoning via negative responses","keywords":["ISC BIND 8 Bug 1581","cache poisoning","invalid negative answers","negative cache response","NXDOMAIN"],"overview":"The BIND 8 name server contains a cache poisoning vulnerability that allows attackers to conduct denial-of-service attacks on specific target domains.","clean_desc":"Several versions of the BIND 8 name server are vulnerable to cache poisoning via negative responses. To exploit this vulnerability, an attacker must configure a name server to return authoritative negative responses for a given target domain. Then, the attacker must convince a victim user to query the attacker's maliciously configured name server. When the attacker's name server receives the query, it will reply with an authoritative negative response containing a large TTL (time-to-live) value. If the victim's site runs a vulnerable version of BIND 8, it will cache the negative response and render the target domain unreachable until the TTL expires.","impact":"Attackers may conduct denial-of-service attacks on specific target domains by enticing users to query a malicious name server.","resolution":"Upgrade BIND The ISC has prepared BIND 8.3.7 and BIND 8.4.3 to address this vulnerability. Name servers running BIND 4 are not affected. To obtain the latest versions of BIND, please visit http://www.isc.org/products/BIND/ Apply a patch or updated version from your vendor Many operating system vendors include BIND with their products and will be preparing new versions to address this vulnerability. For a list of vendors that the CERT/CC has received information from regarding this vulnerability, please see the Systems Affected section of this document.","workarounds":"","sysaffected":"","thanks":"The CERT/CC thanks the Internet Software Consortium for bringing this vulnerability to our attention.","author":"This document was written by Jeffrey P. Lanza.","public":["http://www.isc.org/products/BIND/bind8.html","http://marc.theaimsgroup.com/?l=bind-announce&m=106988846219834&w=2","http://marc.theaimsgroup.com/?l=bind-announce&m=106988846919846&w=2","http://secunia.com/advisories/10300/"],"cveids":["CVE-2003-0914"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-10-09T17:41:04Z","publicdate":"2003-11-26T00:00:00Z","datefirstpublished":"2003-12-01T16:02:29Z","dateupdated":"2004-01-05T00:30:32Z","revision":42,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"5","cam_exploitation":"10","cam_internetinfrastructure":"5","cam_population":"20","cam_impact":"5","cam_easeofexploitation":"4","cam_attackeraccessrequired":"10","cam_scorecurrent":"1.5","cam_scorecurrentwidelyknown":"2.625","cam_scorecurrentwidelyknownexploited":"3.375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.5,"vulnote":null}