icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

ISC BIND 9 Response Policy Zones (RPZ) DNAME / CNAME Parsing Remote DoS

Medium

Synopsis

The remote DNS server is vulnerable to a denial of service attack.

Description

The remote host is running Bind, a popular name server.

Versions of BIND 9.8 earlier than 9.8.0-P3 are potentially affected by a denial of service vulnerability. If an attacker sends a specially crafted request to a BIND server that has recursion enabled and Response Policy Zones (RPZ) configured, it may cause the name server process to crash.

Solution

Upgrade to BIND 9.8.0-P3 or later.