Juniper Networks

Signature Detail


Short Name

DNS:BIND-RRSIG-QUERY-DOS

Severity

High

Recommended

No

Recommended Action

Drop

Category

DNS

Keywords

ISC BIND RRSIG Query With RPZ Denial of Service

Release Date

2011/06/02

Update Number

1930

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

DNS: ISC BIND RRSIG Query With RPZ Denial of Service


A denial-of-service vulnerability exists in ISC BIND. It is caused by an assertion failure when processing RRSIG queries if Response Policy Zones (RPZ) are configured to force a specific RRset for some name. A remote attacker may exploit this vulnerability by sending RRSIG requests to the vulnerable server. Successful exploitation triggers an assertion failure that crashes the server, resulting in a denial-of-service condition.

Extended Description

ISC BIND is prone to a remote denial-of-service vulnerability because the software fails to properly handle certain record types. An attacker can exploit this issue to cause the application process to crash, denying service to legitimate users. NOTE: This issue only affects BIND users who use the RPZ feature configured for RRset replacement. ISC BIND version 9.8.0 is vulnerable.

Affected Products

  • ISC BIND 9.8.0
  • Red Hat Fedora 15

References

  • BugTraq: 47734
  • CVE: CVE-2011-1907

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.