BIND 9¾Ü¾øЧÀÍÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2018-08-10

Îó²î±àºÅºÍ¼¶±ð


CVE-2018-5740£¬£¬£¬£¬¸ßΣ£¬£¬£¬£¬³§ÉÌ×ÔÆÀ£º7.5£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


BIND 9.7.0->9.8.8£¬£¬£¬£¬9.9.0->9.9.13£¬£¬£¬£¬9.10.0->9.10.8£¬£¬£¬£¬ 9.11.0->9.11.4£¬£¬£¬£¬9.12.0->9.12.2£¬£¬£¬£¬9.13.0->9.13.2


Îó²î¸ÅÊö


¡°deny-answer-aliases¡±ÊÇÒ»¸öºÜÉÙʹÓõĹ¦Ð§£¬£¬£¬£¬Ö¼ÔÚ×ÊÖúÓòÃûµÝ¹éЧÀÍÆ÷±£»£» £»£»¤×îÖÕÓû§ÃâÊÜDNSÖØа󶨹¥»÷£¬£¬£¬£¬ÕâÊÇÒ»ÖÖÈƹý¿Í»§¶Ëä¯ÀÀÆ÷ʹÓõÄÇ徲ģ×ÓµÄÌæ»»ÒªÁì¡£¡£¡£¡£ ¿ÉÊÇ£¬£¬£¬£¬´Ë¹¦Ð§ÖеÄȱÏÝʹµÃÔÚʹÓøù¦Ð§Ê±£¬£¬£¬£¬ÈÝÒ×ÔÚname.cÖÐÓöµ½¶ÏÑÔʧ°Ü£¬£¬£¬£¬·Ç¾ÓÐÄ»ò¾ÓÐÄ´¥·¢´ËȱÏݽ«µ¼ÖÂÏÂÁîÖеÄREQUIRE¶ÏÑÔʧ°Ü£¬£¬£¬£¬´Ó¶øµ¼ÖÂBINDÀú³Ì×èÖ¹Ö´Ðв¢µ¼Ö¾ܾøΪ¿Í»§¶ËÌṩЧÀÍ¡£¡£¡£¡£ Ö»ÓÐÃ÷È·ÆôÓá°deny-answer-aliases¡±¹¦Ð§µÄЧÀÍÆ÷²ÅÓÐΣº¦£¬£¬£¬£¬½ûÓøù¦Ð§¿ÉÒÔ×èÖ¹Îó²îʹÓᣡ£¡£¡£


Îó²îÑéÖ¤


ÏÖÔÚûÓÐpocÐû²¼¡£¡£¡£¡£


ÐÞ¸´½¨Òé


´ó´ó¶¼ÏµÍ³²Ù×÷Ô±²»ÐèÒª¾ÙÐÐÈκθü¸Ä£¬£¬£¬£¬³ý·ÇËûÃÇʹÓá°deny-answer-aliases¡±¹¦Ð§£¨ÔÚBIND 9ÖÎÀíÔ±²Î¿¼ÊÖ²áµÚ6.2½ÚÖÐÓÐÐÎò£©¡£¡£¡£¡£¡°deny-answer-aliases¡±Ä¬ÈÏÊǹرյÄ£¬£¬£¬£¬Ö»ÓÐÃ÷È·ÆôÓÃËüµÄÉèÖòŻáÊܵ½´ËȱÏݵÄÓ°Ïì¡£¡£¡£¡£
ÈôÊÇÄúʹÓá°deny-answer-aliases¡±¹¦Ð§£¬£¬£¬£¬ÇëÉý¼¶µ½ÓëÄúÄ¿½ñ°æ±¾µÄBIND×îÇ×½üÏà¹ØµÄÐÞ²¹°æ±¾¡£¡£¡£¡£https://kb.isc.org/article/AA-00913
9.9.13-P1
9.10.8-P1
9.11.4-P1
9.12.2-P1

9.11.3-S3


²Î¿¼Á´½Ó


https://securityaffairs.co/wordpress/75200/security/bind-dns-software-dos.html
https://kb.isc.org/article/AA-01639/0/CVE-2018-5740%3A-A-flaw-in-the-deny-answer-aliases-feature-can-cause-an-INSIST-assertion-failure-in-named.html
https://kb.isc.org/article/AA-00913