Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

ISC BIND 9 libdns Regular Expressions Handling DoS

High

Synopsis

The remote DNS server may be affected by a denial of service vulnerability

Description

The remote host is running Bind, a popular name server.

Versions of BIND earlier than 9.8.4-P2 / 9.9.2-P2 are potentially affected by a denial of service vulnerability. Affected versions of BIND can be forced to crash via memory exhaustion caused by specially crafted regular expressions.

Note this vulnerability only affects Unix and Unix-like systems when the application has been compiled to include regular expression support

Solution

Upgrade to BIND 9.8.4-P2 / 9.9.2-P2 or later, or apply the vendor supplied patch. Alternatively, the application can be recompiled without regular expression support as a workaround.