(Solaris Issues Fix) BIND DNSSEC Validation Bug Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1018262 |
|
SecurityTracker URL: http://securitytracker.com/id/1018262
|
|
CVE Reference:
CVE-2007-0494
(Links to External Site)
|
Date: Jun 18 2007
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in BIND. A remote user can cause denial of service conditions.
A remote user can send specially crafted data to cause the target service to crash. A type * (ANY) DNS query that results in a response with multiple RRsets can trigger this flaw in the DNSSEC validation code.
The following versions are affected:
BIND 9.0.x
BIND 9.1.x
BIND 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7
BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3
BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6, 9.4.0b1, 9.4.0b2, 9.4.0b3, 9.4.0b4, 9.4.0rc1
BIND 9.5.0a1 (Bind Forum only)
|
Impact:
A remote user can cause the target name service to crash.
|
Solution:
Sun has issued the following fix.
SPARC Platform
* Solaris 10 with patch 119783-02 or later
x86 Platform
* Solaris 10 with patch 119784-02 or later
The Sun advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102969-1
|
Vendor URL: www.isc.org/ (Links to External Site)
|
Cause:
State error
|
Underlying OS:
UNIX (Solaris - SunOS)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Mon, 18 Jun 2007 16:35:49 -0400
Subject: Security Vulnerability in Solaris 10 BIND DNSSEC May Cause a Denial of Service
|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102969-1
CVE-2007-0494
|
|
