ISC BIND DNS DoS

Berkeley Internet Name Domain (BIND) is the Domain Name System (DNS) implementation suite maintained by the Internet Systems Consortium (ISC). BIND can store and serve authoritative information about domains, and it can also act as a recursive name server.

A DNS message consists of several types of resource records (RRs), such as types A and AAAA, which specify details about DNS resources and entities. The Extension Mechanisms for DNS (EDNS0) use the OPT pseudo-RR to send additional capability information such as payload size. This pseudo-RR carries various options; one of them is the DNS COOKIE option, which is used to protect clients and servers against DoS and forgery attacks.

BIND is prone to a denial-of-service vulnerability. The function process_opt() is called when BIND receives an OPT pseudo-RR. On receiving a COOKIE option, it uses an INSIST assertion to check that the variables sitbad and sitgood are both zero, and then sets one of them to one according to the cookie received. If it encounters a second COOKIE option, the assertion fails because one of sitbad or sitgood has already been set. This causes BIND to terminate.

A remote attacker can exploit this vulnerability by sending crafted DNS messages, which can lead to a denial-of-service condition.
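A defensive check for the condition described above, written as an added example that is not part of the original advisory and is not ISC or SonicWall code: it walks a raw DNS message and counts COOKIE options in its OPT pseudo-RR. The function names are hypothetical, and option code 10 is the IANA-assigned COOKIE code, assumed here to match what the affected builds parse.

```python
import struct

OPT_TYPE = 41     # OPT pseudo-RR type (RFC 6891)
COOKIE_CODE = 10  # IANA COOKIE option code (RFC 7873); assumed for affected builds

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:            # root label terminates the name
            return off

def cookie_option_count(msg, cookie_code=COOKIE_CODE):
    """Count COOKIE options across the OPT pseudo-RRs of a raw DNS message.

    Raises ValueError if the message is truncated or malformed."""
    try:
        qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
        off = 12                                  # fixed header length
        for _ in range(qd):
            off = _skip_name(msg, off) + 4        # QTYPE + QCLASS
        count = 0
        for _ in range(an + ns + ar):
            off = _skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10
            end = off + rdlen
            if end > len(msg):
                raise ValueError("RDATA runs past end of message")
            pos = off
            while rtype == OPT_TYPE and pos < end:  # walk option TLVs
                code, optlen = struct.unpack_from("!HH", msg, pos)
                pos += 4 + optlen
                if pos > end:
                    raise ValueError("option runs past end of RDATA")
                count += int(code == cookie_code)
            off = end
        return count
    except (struct.error, IndexError) as exc:
        raise ValueError("malformed DNS message") from exc

def has_repeated_cookie(msg):
    """True when a message carries more than one COOKIE option."""
    return cookie_option_count(msg) > 1
```

A message for which has_repeated_cookie() returns True, or which raises ValueError, is a candidate for logging or dropping in front of a server in the affected version range.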

This vulnerability affects the following products:

  • ISC BIND 9.10.0 through 9.10.3-P3

The Dell SonicWALL Threat Research Team has researched this vulnerability and released the following signature to protect its customers:

  • IPS:11525 ISC BIND Cookie Option DoS