|
|
|
Vulnerability Note VU#739123ISC BIND 9 fails to process additional data chains in responses correctly thereby causing the server to fail an internal consistency checkOverviewA denial-of-service vulnerability exists in version 9 of the Internet Software Consortium's (ISC) Berkeley Internet Name Domain (BIND) server. ISC BIND versions 8 and 4 are not affected. Exploiting this vulnerability will cause vulnerable BIND servers to shut down.I. DescriptionBIND is an implementation of the Domain Name System (DNS) that is maintained by the ISC. A vulnerability in Version 9 of BIND exists which may result in the deliberate shutdown of vulnerable BIND servers by arbitrary remote attackers. The shutdown can be caused by a specific DNS packet designed to create an improperly-handled error condition. Because the error condition is correctly detected but is not handled properly, this vulnerability will not allow an intruder to execute arbitrary code or write data to arbitrary locations in memory. The error condition that triggers the shutdown occurs when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL as expected. The condition causes the code to assert an error message and call abort() to shutdown the BIND server.II. ImpactExploitation of this vulnerability will cause the vulnerable BIND server to abort and shut down. As a result, the BIND server will not be available unless restarted.III. SolutionApply a patch from your vendor or upgrade to BIND 9.2.1. BIND 9.2.1 is available from http://www.isc.org/products/BIND/bind9.html.Systems Affected
References
The CERT/CC thanks the Internet Software Consortium (ISC) for reporting this vulnerability to us. This document was written by Ian A. Finlay.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||