BIND DNSSEC Validation Bug Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1017573 |
|
SecurityTracker URL: http://securitytracker.com/id/1017573
|
|
CVE Reference:
CVE-2007-0494
(Links to External Site)
|
Updated: Jan 31 2007
|
Original Entry Date: Jan 30 2007
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 9.0.x, 9.1.x, 9.2.0 - 9.2.7, 9.3.0 - 9.3.3, 9.4.x prior to 9.4.0rc2
|
Description:
A vulnerability was reported in BIND. A remote user can cause denial of service conditions.
A remote user can send specially crafted data to cause the target service to crash. A type * (ANY) DNS query that results in a response with multiple RRsets can trigger this flaw in the DNSSEC validation code.
The following versions are affected:
BIND 9.0.x
BIND 9.1.x
BIND 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7
BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3
BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6, 9.4.0b1, 9.4.0b2, 9.4.0b3, 9.4.0b4, 9.4.0rc1
BIND 9.5.0a1 (Bind Forum only)
|
Impact:
A remote user can cause the target name service to crash.
|
Solution:
The vendor has issued fixed versions (9.2.8, 9.3.4, and 9.4.0rc2).
The fix will be included in the upcoming BIND 9.5.0a2 release.
[Editor's note: This solution also addresses a separate BIND vulnerability that was previously reported in Alert ID 1017561.]
|
Vendor URL: www.isc.org/ (Links to External Site)
|
Cause:
State error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
