FreeBSD : bind9 -- denial of service (30e4ed7b-1ca6-11da-bc01-000e0c2e438a)
Medium Nessus Plugin ID 21410
SynopsisThe remote FreeBSD host is missing a security-related update.
A DNSSEC-related validator function in BIND 9.3.0 contains an inappropriate internal consistency test. When this test is triggered, named(8) will exit.
On systems with DNSSEC enabled, a remote attacker may be able to inject a specially crafted packet that will cause the internal consistency test to trigger, and named(8) to terminate. As a result, the name server will no longer be available to service requests.
DNSSEC is not enabled by default, and the 'dnssec-enable' directive is not normally present. If DNSSEC has been enabled, disable it by changing the 'dnssec-enable' directive to 'dnssec-enable no;' in the named.conf(5) configuration file.
SolutionUpdate the affected package.