SecurityTracker: (OpenBSD Issues Fix) BIND Query Processing Bugs Let Remote Users Deny Service

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > BIND

Vendors: ISC (Internet Software Consortium)

(OpenBSD Issues Fix) BIND Query Processing Bugs Let Remote Users Deny Service

SecurityTracker Alert ID: 1016818

SecurityTracker URL: http://securitytracker.com/id/1016818

CVE Reference: CVE-2006-4095, CVE-2006-4096 (Links to External Site)

Date: Sep 8 2006

Impact: Denial of service via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 9.3.2 and prior versions

Description: A vulnerability was reported in BIND. A remote user can cause denial of service conditions.

A remote user (DNS server) can send specially crafted RRset responses in return to a recursive SIG query to cause the requesting named service to crash [CVE-2006-4095].

A remote user can also send specially crafted queries to trigger an INSIST failure and cause the requesting service(s) to crash [CVE-2006-4096].

Impact: A remote user can cause the target named service to crash.

Solution: OpenBSD has issued the following patches:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/010_bind.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/015_bind.patch

Vendor URL: www.isc.org/sw/bind/ (Links to External Site)

Cause: Exception handling error, Input validation error

Underlying OS: UNIX (OpenBSD)

Message History: This archive entry is a follow-up to the message listed below.

BIND Query Processing Bugs Let Remote Users Deny Service

Source Message Contents

Date: Fri, 8 Sep 2006 18:35:13 -0400
Subject: OpenBSD



SECURITY FIX: September 8, 2006   All architectures
Two Denial of Service issues have been found with BIND. An attacker who can perform 
recursive lookups on a DNS server and is able to send a sufficiently large number of 
recursive queries, or is able to get the DNS server to return more than one 
SIG(covered) RRsets can stop the functionality of the DNS service. An attacker querying 
an authoritative DNS server serving a RFC 2535 DNSSEC zone may be able to crash the DNS 
server. CVE-2006-4095 CVE-2006-4096 
A source code patch exists which remedies this problem.

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/010_bind.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/015_bind.patch

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC