ISC BIND 9 contains a vulnerability that may allow a remote, unauthenticated attacker to create a denial-of-service condition.
The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC). It includes support for dynamic DNS updates as specified in IETF RFC 2136. BIND 9 can crash when processing a specially-crafted dynamic update packet.
ISC notes that this vulnerability affects all servers that are masters for one or more zones and is not limited to those that are configured to allow dynamic updates. ISC also indicates that the attack packet has to be constructed for a zone for which the target system is configured as a master; launching the attack against slave zones does not trigger the vulnerability.
By sending a specially-crafted dynamic update packet to a BIND 9 server, a remote, unauthenticated attacker can cause a denial of service by causing BIND to crash.
Apply an update
Thanks to ISC for reporting this vulnerability.
|Date First Published:||2009-07-28|
|Date Last Updated:||2009-08-27 14:10 UTC|