You are here

V-007: McAfee Firewall Enterprise ISC BIND Record Handling Lockup Vulnerability

October 22, 2012 - 6:00am

Addthis

PROBLEM:

McAfee Firewall Enterprise ISC BIND Record Handling Lockup Vulnerability

PLATFORM:

Versions 8.2.x prior to 8.2.1P06, and 8.3.x prior to 8.3.0P02

REFERENCE LINKS:

Secunia Advisory SA51050  
CVE-2012-5166    
McAfee Corporate Knowledge Base

IMPACT ASSESSMENT:

Medium

DISCUSSION:

The vulnerability is caused due to an error when handling queries for certain records and can be exploited to cause the named process to lockup.

IMPACT:

If specific combinations of RDATA are loaded into a nameserver, either via cache or an authoritative zone, a subsequent query for a related record will cause named to lock up.

SOLUTION:

Update to version 8.2.1P06 or 8.3.0P02 when available

 

Addthis