Internet Systems Consortium Security Advisory

Mark Andrews Mark_Andrews at isc.org
Tue May 1 03:05:34 UTC 2007


                Internet Systems Consortium Security Advisory.
		   BIND 9: query_addsoa DoS
                            30 April 2007

Versions affected:

	BIND 9.4.0
	BIND 9.5.0a1, 9.5.0a2, 9.5.0a3

	[BIND 9.5.0* have only been released to BIND Forum members]

Severity: High

Description:

	A sequence of queries can cause a recursive nameserver to exit.
	While it is unlikely these will occur in normal operation,
	an attacker can use them to cause the affected versions to exit.
	This attack is a denial of service, and does not allow an attacker
	to gain control of affected systems.

Workaround:

	Disable recursion if it is not required by your configuration.

		recursion no;
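
The workaround only holds if nothing else in named.conf turns recursion back on. The audit sketch below is an added example, not part of the ISC advisory or of BIND: the sample configuration and function names are constructed, and it assumes that a `recursion` statement inside a `view` overrides the one in `options` and that BIND's default is `recursion yes`.

```python
import re

# Constructed sample named.conf, not taken from the advisory.
SAMPLE_CONF = '''
options {
    recursion no;             // workaround applied globally
};
view "internal" {
    match-clients { 10.0.0.0/8; };   # internal clients
    recursion yes;            /* re-enables recursion for this view */
};
view "external" { match-clients { any; }; };
'''
OFF = {"no", "false", "0"}  # boolean spellings that disable the option
COMMENT = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|[{};]|[^\s{};"]+')

def strip_comments(text):
    """Drop /* */, // and # comments but keep quoted strings untouched."""
    return COMMENT.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def recursion_settings(conf_text):
    """Map 'options' and each 'view NAME' to its explicit recursion value (or None)."""
    scopes, depth, scope, words = {}, 0, None, []
    for tok in TOKEN.findall(strip_comments(conf_text)):
        if tok == "{":
            if depth == 0 and words and words[0] in ("options", "view"):
                scope = " ".join(w.strip('"') for w in words[:2])
                scopes.setdefault(scope, None)
            depth, words = depth + 1, []
        elif tok == "}":
            depth, words = depth - 1, []
        elif tok == ";":
            if depth == 1 and scope and len(words) == 2 and words[0] == "recursion":
                scopes[scope] = words[1]
            scope = scope if depth else None  # ';' after a closing brace ends the block
            words = []
        else:
            words.append(tok)
    return scopes

def recursion_enabled_scopes(conf_text):
    """Scopes where recursion is still effectively on (assumed default: yes)."""
    found = recursion_settings(conf_text)
    default = found.get("options") or "yes"
    views = {k: v or default for k, v in found.items() if k.startswith("view ")}
    effective = views or {"options": default}
    return sorted(k for k, v in effective.items() if v.lower() not in OFF)

if __name__ == "__main__":
    print(recursion_enabled_scopes(SAMPLE_CONF))
```

An empty result means every scope the sketch found has recursion disabled; it does not follow `include` files.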

Fix:

	Upgrade to BIND 9.4.1 or BIND 9.5.0a4.

	Questions should be addressed to bind9-bugs at isc.org.

CVE:	CVE-2007-2241

Revision History:


