A remotely exploitable denial-of-service vulnerability exists in BIND.
A remotely exploitable denial-of-service vulnerability exists in BIND 8.2 - 8.2.6 and BIND 8.3.0 - 8.3.3. ISC's description of this vulnerability states:
It is possible to de-reference a NULL pointer for certian [sic] signature expire values.
The BIND daemon will shut down. As a result, clients will not be able to connect to the service to resolve queries.
Apply a patch from your vendor. In the absence of a patch, you may wish to consider ISC's recommendation, which is upgrading to "BIND 4.9.11, BIND 8.2.7, BIND 8.3.4 or preferably BIND 9." Additionally, ISC indicates, "BIND 4 is officially deprecated. Only security fixes will be issued for BIND 4."
Disable recursion if possible.
Internet Security Systems is credited for discovering this vulnerability.
This document was written by Ian A Finlay.
|Date First Published:||2002-11-13|
|Date Last Updated:||2003-02-25 18:24 UTC|