SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   BIND Vendors:   ISC (Internet Software Consortium)
BIND 'RRSIG' Query Processing Error Lets Remote Users Deny Service
SecurityTracker Alert ID:  1024217
SecurityTracker URL:  http://securitytracker.com/id/1024217
CVE Reference:   CVE-2010-0213   (Links to External Site)
Date:  Jul 17 2010
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 9.7.1, 9.7.1-P1
Description:   A vulnerability was reported in BIND. A remote user can cause denial of service conditions.

A remote user can submit a specially crafted request for a record of type 'RRSIG' to a target validating recursive server. If the target server has one or more trust anchors configured statically and/or via DNSSEC Lookaside Validation (DLV) and if the answer to the request is not already in cache, the target server will enter an infinite loop generating queries for RRSIGs to the authoritative servers for the zone containing the queried name.

Impact:   A remote user can cause the target server to enter an infinite loop.
Solution:   The vendor has issued a fix (9.7.1-P2).

The vendor's advisory is available at:

http://www.isc.org/software/bind/advisories/cve-2010-0213

Vendor URL:  www.isc.org/software/bind/advisories/cve-2010-0213 (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC