VULNERABILITIES / FIXES - October 10, 2012
by Carol~ - 10/10/12 4:46 AM
ISC BIND Record Handling Lockup Vulnerability
Release Date : 2012-10-10
Criticality level : Moderately critical
Where : From remote
Solution Status : Vendor Patch
Software: ISC BIND 9.6.x
ISC BIND 9.7.x
ISC BIND 9.8.x
ISC BIND 9.9.x
A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when handling queries for certain records and can be exploited to cause the named process to lockup.
Successful exploitation requires a combination of RDATA to be loaded into a nameserver (e.g. via cache or an authoritative zone).
Please see the vendor's advisory for a list of affected versions.
Update to a fixed release (please see the vendor's advisory for details).
Provided and/or discovered by:
The vendor credits Jake Montgomery, Dyn, Inc.