dns/bind9* -- zero-length RDATA can cause named to terminate, reveal memory

2012-06-0400:00:00

vuxml.freebsd.org

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:N/A:C

0.904 High

EPSS

Percentile

98.8%

JSON

ISC reports:

Processing of DNS resource records where the rdata field is zero length
may cause various issues for the servers handling them.
Processing of these records may lead to unexpected outcomes. Recursive
servers may crash or disclose some portion of memory to the client.
Secondary servers may crash on restart after transferring a zone
containing these records. Master servers may corrupt zone data if the
zone option “auto-dnssec” is set to “maintain”. Other unexpected
problems that are not listed here may also be encountered.
Impact: This issue primarily affects recursive nameservers.
Authoritative nameservers will only be impacted if an administrator
configures experimental record types with no data. If the server is
configured this way, then secondaries can crash on restart after
transferring that zone. Zone data on the master can become corrupted if
the zone with those records has named configured to manage the DNSSEC
key rotation.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchbind99< 9.9.1.1UNKNOWN
FreeBSDanynoarchbind98< 9.8.3.1UNKNOWN
FreeBSDanynoarchbind97< 9.7.6.1UNKNOWN
FreeBSDanynoarchbind96< 9.6.3.1.ESV.R7.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	bind99	< 9.9.1.1	UNKNOWN
FreeBSD	any	noarch	bind98	< 9.8.3.1	UNKNOWN
FreeBSD	any	noarch	bind97	< 9.7.6.1	UNKNOWN
FreeBSD	any	noarch	bind96	< 9.6.3.1.ESV.R7.1	UNKNOWN