
ISC BIND Record Handling Lockup Vulnerability


Secunia ID

SA50878

CVE-ID

CVE-2012-5166

Release Date

10 Oct 2012

Criticality

Moderately Critical

Solution Status

Vendor Patch

Software

ISC BIND 9.6.x
ISC BIND 9.7.x
ISC BIND 9.8.x
ISC BIND 9.9.x

Where

From remote

Impact

DoS (Denial of Service)

This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.

Description

A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused by an error when handling queries for certain records and can be exploited to cause the named process to lock up.

Successful exploitation requires a combination of RDATA to be loaded into a nameserver (e.g. via cache or an authoritative zone).

Please see the vendor's advisory for a list of affected versions.

Solution

Update to a fixed release (please see the vendor's advisory for details).

Reported by

The vendor credits Jake Montgomery, Dyn, Inc.

Original Advisory

https://kb.isc.org/article/AA-00801