CVE-2013-4854: A specially crafted query can cause BIND to terminate abnormally
2013/07/27 10:46author:
[ size:big normal small ]
 A specially crafted query sent to a BIND nameserver can cause it to crash (terminate abnormally).

Description:

 A specially crafted query that includes malformed rdata can cause named to terminate with an assertion failure while rejecting the malformed query.BIND 9.6 and BIND 9.6-ESV are unaffected by this problem. Earlier branches of BIND 9 are believed to be unaffected but have not been tested. BIND 10 is also unaffected by this issue.Please Note: All versions of BIND 9.7 are known to be affected, but these branches are beyond their "end of life" (EOL) and no longer receive testing or security fixes from ISC. For current information on which versions are actively supported, please see http://www.isc.org/downloads/software-support-policy/bind-software-status/.

Impact:

 Authoritative and recursive servers are equally vulnerable. Intentional exploitation of this condition can cause a denial of service in all nameservers running affected versions of BIND 9. Access Control Lists do not provide any protection from malicious clients.In addition to the named server, applications built using libraries from the affected source distributions may crash with assertion failures triggered in the same fashion.

Contact Us
TEL 010--58813000
Address:Floor 1, Building 1, Software Park, Chinese Academy of Sciences, 4 South 4th Street, Zhongguancun, Beijing
Postcode:100190
Tel:8610-58813000
Fax:8610-58812666
Website:www.cnnic.cn
    www.中国互联网络信息中心.中国
Email:service@cnnic.cn(For Service)
   supervise@cnnic.cn(For Complaint)

WebSite Map | Contact Us
ICP备案编号:京ICP备09112257号 版权所有 中国互联网络信息中心