PROBLEM:
A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).
PLATFORM:
Version(s):
ISC BIND 9.2.x
ISC BIND 9.3.x
ISC BIND 9.4.x
ISC BIND 9.5.x
ISC BIND 9.6.x
ISC BIND 9.7.x
ISC BIND 9.8.x
ISC BIND 9.9.x
ABSTRACT:
This problem was uncovered while testing with experimental DNS record types. It is possible to add records to BIND with null (zero length) rdata fields.
Reference List:
Secunia Advisory 49338
CVE-2012-1667
Original Advisory
IMPACT ASSESSMENT:
High
Discussion:
Recursive servers may crash or disclose some portion of memory to the client. Secondary servers may crash on restart after transferring a zone containing these records. Master servers may corrupt zone data if the zone option "auto-dnssec" is set to "maintain". Other unexpected problems that are not listed here may also be encountered.
Impact:
Exposure of sensitive information, DoS
Solution:
Upgrade to BIND version 9.6-ESV-R7-P1, 9.7.6-P1, 9.8.3-P1, or 9.9.1-P1.
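
To triage an inventory against the fixed releases above, the following added example (not part of the original advisory) classifies upstream-style BIND version strings. The function name, the return labels and the sample version strings are constructed for illustration.

```python
import re

# Fixed releases from this advisory's Solution line, as (release, patch-level).
FIXED = {"9.6-ESV": (7, 1), "9.7": (6, 1), "9.8": (3, 1), "9.9": (1, 1)}
# Branches listed under PLATFORM (9.2.x through 9.9.x).
AFFECTED = {f"9.{minor}" for minor in range(2, 10)}

ESV_RE = re.compile(r"^9\.6-ESV(?:-R(\d+))?(?:-P(\d+))?$")
STD_RE = re.compile(r"^(9\.\d+)\.(\d+)(?:((?:a|b|rc)\d+)|-P(\d+))?$")


def classify(version: str) -> str:
    """Return 'fixed', 'vulnerable', 'not-listed' or 'unparsed'."""
    v = version.strip()
    if v.upper().startswith("BIND "):
        v = v[5:].strip()
    m = ESV_RE.match(v)
    if m:
        rel = (int(m.group(1) or 0), int(m.group(2) or 0))
        return "fixed" if rel >= FIXED["9.6-ESV"] else "vulnerable"
    m = STD_RE.match(v)
    if not m:
        return "unparsed"
    branch, patch = m.group(1), int(m.group(2))
    if branch not in AFFECTED:
        return "not-listed"  # branch is outside the list in this advisory
    if branch not in FIXED:
        return "vulnerable"  # affected branch with no fixed release listed here
    # Alpha/beta/rc builds sort before the final release of the same number.
    level = -1 if m.group(3) else int(m.group(4) or 0)
    return "fixed" if (patch, level) >= FIXED[branch] else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inventory.
    for host, ver in [("ns1", "9.8.3"), ("ns2", "9.8.3-P1"),
                      ("ns3", "9.6-ESV-R7"), ("ns4", "BIND 9.5.2-P4")]:
        print(f"{host}\t{ver}\t{classify(ver)}")
```

Distribution packages can backport the fix without changing the upstream version string, so a "vulnerable" result on a vendor build should be confirmed against the vendor's own advisory.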