Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 DNS:RRSIG-QUERY

Severity

 Minor

Recommended

 No

Category

 DNS

Keywords

 RRSIG Query

Release Date

 2011/07/18

Update Number

 1956

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

DNS: RRSIG Query


This signature detects DNS RRSIG queries. RRSIG queries are used by the DNS-SEC specification to securely confirm valid DNS records. Recent security vulnerabilities in ISC BIND's implementation of DNS-SEC are leveraged by RRSIG queries, which are site-configuration-specific. A generic detection signature, other than detecting all RRSIG queries, is not possible. RRSIG queries are not inherently malicious.

Extended Description

ISC BIND is prone to multiple remote denial-of-service vulnerabilities under certain response policy zone (RPZ) configurations. An attacker can exploit these issues to cause the application process to crash, denying service to legitimate users.

Affected Products

  • Isc bind 9.8.0
  • Isc bind 9.8.0-P1
  • Isc bind 9.8.0-P2
  • Isc bind 9.8.1b1
  • Red_hat fedora 15
  • Suse opensuse 11.3
  • Suse opensuse 11.4
  • Suse suse_linux_enterprise_desktop 10 SP4
  • Suse suse_linux_enterprise_desktop 11 SP1
  • Suse suse_linux_enterprise_sdk 10 SP4
  • Suse suse_linux_enterprise_sdk 11 SP1
  • Suse suse_linux_enterprise_server 10 SP4
  • Suse suse_linux_enterprise_server 11 SP1

References

  • BugTraq: 48566
  • BugTraq: 48565
  • CVE: CVE-2011-2464
  • CVE: CVE-2011-2465
  • URL: http://www.rfc-ref.org/RFC-TEXTS/4034/

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out