Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

ISC BIND 9 Response Policy Zones (RPZ) DNAME / CNAME Parsing Remote DoS

Medium

Synopsis

The remote DNS server is vulnerable to a denial of service attack.

Description

The remote host is running Bind, a popular name server.

Versions of BIND 9.8 earlier than 9.8.0-P3 are potentially affected by a denial of service vulnerability. If an attacker sends a specially crafted request to a BIND server that has recursion enabled and Response Policy Zones (RPZ) configured, it may cause the name server process to crash.

Solution

Upgrade to BIND 9.8.0-P3 or later.