Internet Systems Consortium Security Advisory
Mark Andrews
Mark_Andrews at isc.org
Tue May 1 03:05:34 UTC 2007
BIND 9: query_addsoa DoS
30 April 2007
Versions affected:
BIND 9.4.0
BIND 9.5.0a1, 9.5.0a2, 9.5.0a3
[BIND 9.5.0* have only been released to BIND Forum members]
Severity: High
Description:
A sequence of queries can cause a recursive nameserver to exit.
While it is unlikely these will occur in normal operation,
an attacker can use them to cause the affected versions to exit.
This attack is a denial of service, and does not allow an attacker
to gain control of affected systems.
Workaround:
Disable recursion if it is not required by your configuration.
recursion no;
Fix:
Upgrade to BIND 9.4.1 or BIND 9.5.0a4.
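An exposure check built from the version list, workaround and fix above. This is an added example, not ISC code: the function names and sample configuration are constructed for illustration, the parser is simplified (it does not follow include files), and it relies on named's default of recursion being enabled when no "recursion" statement is present.

```python
import re

# Affected and fixed releases exactly as listed in the advisory.
AFFECTED = {"9.4.0", "9.5.0a1", "9.5.0a2", "9.5.0a3"}
FIXED = "BIND 9.4.1 or BIND 9.5.0a4"
TRUE_VALUES = {"yes", "true", "1"}

def parse_version(banner):
    """Pull the release string out of `named -v` style output ("BIND 9.4.0")."""
    m = re.search(r"BIND\s+(\d+\.\d+\.\d+[0-9A-Za-z.\-]*)", banner)
    return m.group(1) if m else None

def strip_comments(conf):
    """Drop /* */, // and # comments (simplified: ignores quoted strings)."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def recursion_settings(conf):
    """Return every `recursion <bool>;` value, skipping allow-recursion etc."""
    pat = r"(?<![-\w])recursion\s+(yes|no|true|false|1|0)\s*;"
    return [v.lower() for v in re.findall(pat, strip_comments(conf), flags=re.I)]

def assess(banner, conf):
    version = parse_version(banner)
    settings = recursion_settings(conf)
    # named recurses by default, so a missing statement counts as enabled;
    # one enabling statement (for example inside a view) is enough.
    recursive = not settings or any(s in TRUE_VALUES for s in settings)
    affected = version in AFFECTED
    if affected and recursive:
        action = "exposed: upgrade to " + FIXED + ", or set 'recursion no;'"
    elif affected:
        action = "workaround in place: still upgrade to " + FIXED
    else:
        action = "version not listed as affected"
    return {"version": version, "affected": affected,
            "recursion_enabled": recursive, "action": action}

# Constructed sample input (not taken from any real server).
SAMPLE_CONF = """
options {
    directory "/var/named";   // working directory
    # recursion no;           <- commented out, so it has no effect
    allow-recursion {any;};
};
"""

if __name__ == "__main__":
    print(assess("BIND 9.4.0", SAMPLE_CONF))
    print(assess("BIND 9.4.0", "options { recursion no; };"))
```

A commented-out "recursion no;" or an "allow-recursion" statement does not count as the workaround, and a single "recursion yes;" inside any view is reported as recursion enabled.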
Questions should be addressed to bind9-bugs at isc.org.
CVE: CVE-2007-2241
Revision History: