You are here

V-172: ISC BIND RUNTIME_CHECK Error Lets Remote Users Deny Service Against Recursive Resolvers

June 6, 2013 - 6:00am

Addthis

PROBLEM:

A vulnerability was reported in BIND

PLATFORM:

BIND 9.6-ESV-R9, 9.8.5, and 9.9.3 are affected

ABSTRACT:

A defect exists which allows an attacker to crash a BIND 9 recursive resolver with a RUNTIME_CHECK error in resolver.c

REFERENCE LINKS:

SecurityTracker Alert ID:  1028632
ISC KB AA-00967
CVE-2013-3919

IMPACT ASSESSMENT:

High

DISCUSSION:

A remote user can send a request for a specially crafted zone to a target recursive resolver to trigger a fatal "RUNTIME_CHECK" error in 'resolver.c' and cause the target resolver to crash

IMPACT:

Triggering this defect will cause the affected server to exit with an error, denying service to recursive DNS clients that use that particular server

SOLUTION:

Vendor recommends upgrading to current Version(s)

Addthis