A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system.
The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC). BIND supports the DNS Security Extensions (DNSSEC), including the NextSECure (NSEC) RDATA Format defined by RFC 3845. An incorrect assumption in the validator function authvalidated() can result in an internal consistency test failing and named exiting. An attacker with the ability to craft specific DNS packets could exploit this vulnerability to cause a denial of service. This vulnerability only affects BIND version 9.3.0.
A remote attacker may be able to cause the name server daemon to exit prematurely, thereby causing a denial of service for DNS operations.
Apply a patch from the vendor
Patches have been released in response to this issue. Please see the Systems Affected section of this document.
Thanks to Joao Damas of the Internet Systems Consortium for reporting this vulnerability.
Date First Published: 2005-01-25
Date Last Updated: 2005-06-21 13:36 UTC