BIND 9»Ø¾ø·þÎñ·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2018-08-10

·ì϶±àºÅºÍ¼¶±ð


CVE-2018-5740£¬¸ßΣ£¬³§ÉÌ×ÔÆÀ£º7.5£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


BIND 9.7.0->9.8.8£¬9.9.0->9.9.13£¬9.10.0->9.10.8£¬ 9.11.0->9.11.4£¬9.12.0->9.12.2£¬9.13.0->9.13.2


·ì϶¸ÅÊö


¡°deny-answer-aliases¡±ÊÇÒ»¸öºÜÉÙʹÓõÄÖ°ÄÜ£¬Ö¼ÔÚÔ®ÊÖÓòÃûµÝ¹é·þÎñÆ÷± £»¤×îÖÕÓû§ÃâÊÜDNS³Áа󶨹¥»÷£¬ÕâÊÇÒ»ÖÖÈƹý¿Í»§¶Ëä¯ÀÀÆ÷ʹÓõݲȫģÐ͵ĴúÌæ²½Öè¡£ µ«ÊÇ£¬´ËÖ°ÄÜÖеÄȱµãʹµÃÔÚʹÓøÃÖ°ÄÜʱ£¬ÈÝÒ×ÔÚname.cÖÐÓöµ½¶ÏÑÔʧ°Ü£¬·ÇÓÐÒâ»òÓÐÒâ´¥·¢´Ëȱµã½«µ¼ÖºÅÁîÖеÄREQUIRE¶ÏÑÔʧ°Ü£¬´Ó¶øµ¼ÖÂBIND¹ý³ÌÖÕ³¡Ö´Ðв¢µ¼Ö»ؾøΪ¿Í»§¶ËÌṩ·þÎñ¡£ Ö»ÓÐÃ÷È·ÆôÓá°deny-answer-aliases¡±Ö°ÄܵķþÎñÆ÷²ÅÓзçÏÕ£¬½ûÓøÃÖ°ÄÜÄܹ»×èÖ¹·ì϶ÀûÓá£


·ì϶ÑéÖ¤


ĿǰûÓÐpoc°ä²¼¡£


½¨¸´½¨Òé


´óÎÞÊýϵͳ²Ù×÷Ô±²»±ØÒª½øÐÐÈκθü¸Ä£¬³ý·ÇËûÃÇʹÓá°deny-answer-aliases¡±Ö°ÄÜ£¨ÔÚBIND 9ÖÎÀíÔ±²Î¿¼ÊÖ²áµÚ6.2½ÚÖÐÓÐÃèÊö£©¡£¡°deny-answer-aliases¡±Ä¬ÈÏÊǹعصÄ£¬Ö»ÓÐÃ÷È·ÆôÓÃËüµÄÅäÖòŻáÊܵ½´ËȱµãµÄÓ°Ïì¡£
ÈôÊÇÄúʹÓá°deny-answer-aliases¡±Ö°ÄÜ£¬ÇëÉý¼¶µ½ÓëÄúµ±Ç°°æ±¾µÄBIND×îÇ×êÇÓйصĽ¨²¹°æ±¾¡£https://kb.isc.org/article/AA-00913
9.9.13-P1
9.10.8-P1
9.11.4-P1
9.12.2-P1

9.11.3-S3


²Î¿¼Á´½Ó


https://securityaffairs.co/wordpress/75200/security/bind-dns-software-dos.html
https://kb.isc.org/article/AA-01639/0/CVE-2018-5740%3A-A-flaw-in-the-deny-answer-aliases-feature-can-cause-an-INSIST-assertion-failure-in-named.html
https://kb.isc.org/article/AA-00913