A remotely exploitable denial-of-service vulnerability exists in BIND.
A remotely exploitable denial-of-service vulnerability exists in BIND 8.2 - 8.2.6 and BIND 8.3.0 - 8.3.3. ISC's description of this vulnerability states:
It is possible to de-reference a NULL pointer for certian [sic] signature expire values.
The BIND daemon will shut down. As a result, clients will not be able to connect to the service to resolve queries.
Apply a patch from your vendor. In the absence of a patch, you may wish to consider ISC's recommendation, which is to upgrade to "BIND 4.9.11, BIND 8.2.7, BIND 8.3.4 or preferably BIND 9." Additionally, ISC indicates, "BIND 4 is officially deprecated. Only security fixes will be issued for BIND 4."
Disable recursion if possible.
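To decide which servers need the patch or upgrade, the following added example (not part of the original note and not ISC's code) classifies reported version strings against the affected ranges stated above, BIND 8.2 - 8.2.6 and 8.3.0 - 8.3.3. The function names are hypothetical, and the host names and version strings are constructed sample values.

```python
import re

# Affected ranges from this note, inclusive, as (major, minor, patch).
AFFECTED_RANGES = [
    ((8, 2, 0), (8, 2, 6)),   # BIND 8.2 - 8.2.6
    ((8, 3, 0), (8, 3, 3)),   # BIND 8.3.0 - 8.3.3
]

# First dotted number in the string; suffixes such as -REL or -P5 are ignored.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)(?:\.(\d+))?")


def parse_bind_version(text):
    """Return (major, minor, patch) or None; a missing patch counts as 0."""
    m = _VERSION_RE.search(text or "")
    if m is None:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def classify(text):
    """'affected', 'not listed' (outside this note's ranges) or 'unknown'."""
    version = parse_bind_version(text)
    if version is None:
        return "unknown"  # e.g. an operator-overridden version string
    if any(low <= version <= high for low, high in AFFECTED_RANGES):
        return "affected"
    return "not listed"


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(reported) for host, reported in inventory.items()}


# Constructed inventory: host names and version strings are sample values.
SAMPLE_INVENTORY = {
    "ns1.example.net": "named 8.2.3-REL",
    "ns2.example.net": "8.3.3-REL",
    "ns3.example.net": "8.2",
    "ns4.example.net": "8.2.7-REL",
    "ns5.example.net": "8.3.4",
    "ns6.example.net": "9.2.1",
    "ns7.example.net": "not disclosed",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

A vendor-patched build may still report an in-range version, so confirm flagged hosts against the vendor's advisory. A result of "unknown" means the string carried no version number and the host has to be checked by other means.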
Apple Computer Inc.
Red Hat Inc.
Internet Security Systems is credited with discovering this vulnerability.
This document was written by Ian A Finlay.
Date First Published: 2002-11-13
Date Last Updated: 2003-02-25 18:24 UTC