ISC BIND 9 Response Policy Zones (RPZ) DNAME / CNAME Parsing Remote DoS
Medium Nessus Network Monitor Plugin ID 5981
SynopsisThe remote DNS server is vulnerable to a denial of service attack.
DescriptionThe remote host is running Bind, a popular name server.
Versions of BIND 9.8 earlier than 9.8.0-P3 are potentially affected by a denial of service vulnerability. If an attacker sends a specially crafted request to a BIND server that has recursion enabled and Response Policy Zones (RPZ) configured, it may cause the name server process to crash.
SolutionUpgrade to BIND 9.8.0-P3 or later.