icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Bind9 9.8.0 RRSIG Query Type Remote Denial of Service Vulnerability

Medium

Synopsis

The remote DNS server is vulnerable to a denial of service attack.

Description

The remote host is running Bind, a popular name server.

Bind9 9.8.0 is potentially affected by a denial of service vulnerability. This issue only affects BIND users who use the RPZ feature configured for RRset replacement. When RPZ is being used, a query of type RRSIG for a name configured for RRset replacement will trigger an assertion failure and cause the name server process to exit.

Solution

Upgrade to BIND 9.8.0-P1 or later.