Credit:
The original article can be found at: https://kb.isc.org/article/AA-00778
Vulnerable Systems:
* 9.0.x -> 9.6.x, 9.4-ESV -> 9.4-ESV-R5-P1, 9.6-ESV -> 9.6-ESV-R7-P2, 9.7.0 -> 9.7.6-P2, 9.8.0 -> 9.8.3-P2, 9.9.0 -> 9.9.1-P2
If a record with RDATA in excess of 65535 bytes is loaded into a nameserver, a subsequent query for that record will cause named to exit with an assertion failure.
Please Note: Versions of BIND 9.4 and 9.5 are also affected, but these branches are beyond their "end of life" (EOL) and no longer receive testing or security fixes from ISC. For current information on which versions are actively supported, please see http://www.isc.org/software/bind/versions.
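To check an installed named against the version list above, the following added example (not part of the ISC advisory) parses a BIND version string and tests it against the listed ranges. The function names and the sample banners are assumptions made for illustration; a False result only means the version is outside the ranges listed on this page.

```python
import re

# Last affected release per branch, copied from the "Vulnerable Systems" list.
# Non-ESV 9.0.x through 9.6.x are listed as affected in full.
ESV_LAST = {(9, 4): (5, 1), (9, 6): (7, 2)}                  # branch -> (R, P)
REL_LAST = {(9, 7): (6, 2), (9, 8): (3, 2), (9, 9): (1, 2)}  # branch -> (patch, P)

# Matches e.g. "9.7.6-P2", "9.6-ESV-R7-P2", "9.4-ESV"; pre-release tags are ignored.
_VERSION = re.compile(
    r"(?P<maj>\d+)\.(?P<min>\d+)"
    r"(?:(?P<esv>-ESV)(?:-R(?P<r>\d+))?|\.(?P<patch>\d+))"
    r"(?:-P(?P<p>\d+))?"
)


def parse_version(banner):
    """Extract the BIND version fields from a banner string."""
    m = _VERSION.search(banner)
    if m is None:
        raise ValueError("no BIND 9 style version in %r" % banner)
    num = lambda name: int(m.group(name) or 0)
    return {"branch": (num("maj"), num("min")), "esv": m.group("esv") is not None,
            "r": num("r"), "patch": num("patch"), "p": num("p")}


def is_listed_as_affected(banner):
    """True if the version falls inside a range in the advisory's list."""
    v = parse_version(banner)
    if v["esv"]:
        last = ESV_LAST.get(v["branch"])
        return last is not None and (v["r"], v["p"]) <= last
    if (9, 0) <= v["branch"] <= (9, 6):
        return True
    last = REL_LAST.get(v["branch"])
    return last is not None and (v["patch"], v["p"]) <= last


if __name__ == "__main__":
    # Constructed sample banners in the style printed by `named -v`.
    for banner in ["BIND 9.7.6-P2", "BIND 9.7.6-P3", "BIND 9.6-ESV-R7-P2",
                   "BIND 9.6-ESV-R8", "BIND 9.5.2-P4", "BIND 9.9.2"]:
        verdict = "listed as affected" if is_listed_as_affected(banner) else "not in list"
        print(banner, "->", verdict)
```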
Impact:
This vulnerability can be exploited remotely against recursive servers by inducing them to query for records provided by an authoritative server. It affects authoritative servers if a zone containing this type of resource record is loaded from file or provided via zone transfer. A nameserver can be caused to exit with a REQUIRE exception if it can be induced to load a specially crafted resource record. The updated packages have been upgraded to bind 9.7.6-P3, which is not vulnerable to this issue.
CVE Information:
CVE-2012-4244
Disclosure Timeline:
Posting date: 12 September 2012