10 Oct 2012
ISC BIND 9.6.x
DoS (Denial of Service)
This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.
A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when handling queries for certain records and can be exploited to cause the named process to lockup.
Successful exploitation requires a combination of RDATA to be loaded into a nameserver (e.g. via cache or an authoritative zone).
Please see the vendor's advisory for a list of affected versions.
Update to a fixed release (please see the vendor's advisory for details).
The vendor credits Jake Montgomery, Dyn, Inc.