FreeBSD : BIND -- Dynamic update message remote DoS (83725c91-7c7e-11de-9672-00e0815b8da8)
Medium Nessus Plugin ID 40461
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionWhen named(8) receives a specially crafted dynamic update message an internal assertion check is triggered which causes named(8) to exit.
To trigger the problem, the dynamic update message must contains a record of type 'ANY' and at least one resource record set (RRset) for this fully qualified domain name (FQDN) must exist on the server.
Impact : An attacker which can send DNS requests to a nameserver can cause it to exit, thus creating a Denial of Service situation.
Workaround : No generally applicable workaround is available, but some firewalls may be able to prevent nsupdate DNS packets from reaching the nameserver.
NOTE WELL: Merely configuring named(8) to ignore dynamic updates is NOT sufficient to protect it from this vulnerability.
SolutionUpdate the affected packages.