U-221: ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability

July 26, 2012 - 7:00am

PROBLEM:

ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability

PLATFORM:

BIND 9.6-ESV-R1 through versions 9.6-ESV-R7-P1
BIND 9.7.1 through versions 9.7.6-P1
BIND 9.8.0 through versions 9.8.3-P1
BIND 9.9.0 through versions 9.9.1-P1

ABSTRACT:

ISC BIND is prone to a denial-of-service vulnerability.

REFERENCE LINKS:

The Vendor's Advisory
CVE-2012-3817
Bugtraq ID: 54658
SecurityTracker Alert ID: 1027296

IMPACT ASSESSMENT:

High

DISCUSSION:

When DNSSEC validation is enabled, ISC BIND 9 does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.

IMPACT:

An attacker can exploit this issue to cause an assertion failure in the 'named' process, denying service to legitimate users. This issue may also be exploited to disclose certain memory information to clients.

SOLUTION:

The vendor has issued a fix.
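
To check a host against the ranges listed under PLATFORM, the following added example (not part of the original bulletin and not ISC code) compares a release version string, such as the one `named -v` prints, with those ranges. It assumes release versions in the two forms the bulletin uses; the function names are hypothetical.

```python
import re

# Affected ranges exactly as listed under PLATFORM (inclusive on both ends).
LISTED_RANGES = [
    ("9.6-ESV-R1", "9.6-ESV-R7-P1"),
    ("9.7.1", "9.7.6-P1"),
    ("9.8.0", "9.8.3-P1"),
    ("9.9.0", "9.9.1-P1"),
]

# Assumption: only release forms X.Y.Z[-Pn] and X.Y-ESV[-Rn][-Pn] are parsed;
# alpha, beta and rc builds are reported as unparsed (None).
_ESV = re.compile(r"^(\d+)\.(\d+)-ESV(?:-R(\d+))?(?:-P(\d+))?$")
_STD = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?$")


def parse_version(text):
    """Return (track, sort_key) for a release version string, else None."""
    v = text.strip()
    if v.upper().startswith("BIND "):  # tolerate a leading "BIND "
        v = v[5:].strip()
    m = _ESV.match(v)
    if m:
        major, minor, rel, patch = m.groups()
        return (f"{major}.{minor}-ESV", (int(rel or 0), int(patch or 0)))
    m = _STD.match(v)
    if m:
        major, minor, micro, patch = m.groups()
        return (f"{major}.{minor}", (int(micro), int(patch or 0)))
    return None


def in_listed_range(text):
    """True or False for inside or outside the listed ranges; None if unparsed."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    track, key = parsed
    for low, high in LISTED_RANGES:
        low_track, low_key = parse_version(low)
        _, high_key = parse_version(high)
        # ESV and regular releases are separate tracks and never compared.
        if track == low_track and low_key <= key <= high_key:
            return True
    return False


if __name__ == "__main__":
    for sample in ["BIND 9.7.6-P1", "9.6-ESV-R7-P2", "9.9.0rc1"]:  # constructed
        print(sample, "->", in_listed_range(sample))
```

A `False` result means only that the version is outside the ranges this bulletin lists, and a `None` result means the string needs a manual check. The issue described above also requires DNSSEC validation to be enabled.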