ISC BIND 9 libdns Regular Expression Handling DoS
High Nessus Plugin ID 65736
Synopsis
The remote name server is prone to a denial of service attack.
Description
According to its self-reported version number, the remote installation of BIND can be forced to crash via memory exhaustion caused by specially crafted regular expressions.
Note this vulnerability only affects Unix and Unix-like systems when the application has been compiled to include regular expression support.
Further note that Nessus has only relied on the version itself and has not attempted to determine whether or not the install is actually affected.
Solution
Upgrade to BIND 9.8.4-P2 / 9.8.5b2 / 9.9.2-P2 / 9.9.3b2 or later, or apply the vendor-supplied patch. Alternatively, the application can be recompiled without regular expression support as a workaround.