CVE-2013-3919: A recursive resolver can be crashed by a query for a malformed zone
2013/06/05 10:41author:
[ size:big normal small ]

 A defect exists which allows an attacker to crash a BIND 9 recursive resolver with a RUNTIME_CHECK error in resolver.c

Description:

 A bug has been discovered in the most recent releases of BIND 9 which has the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal "RUNTIME_CHECK" error in resolver.c

Impact:

 Triggering this defect will cause the affected server to exit with an error, denying service to recursive DNS clients that use that particular server.

Contact Us
TEL 010--58813000
Address:Floor 1, Building 1, Software Park, Chinese Academy of Sciences, 4 South 4th Street, Zhongguancun, Beijing
Postcode:100190
Tel:8610-58813000
Fax:8610-58812666
Website:www.cnnic.cn
    www.中国互联网络信息中心.中国
Email:service@cnnic.cn(For Service)
   supervise@cnnic.cn(For Complaint)

WebSite Map | Contact Us
ICP备案编号:京ICP备09112257号 版权所有 中国互联网络信息中心