4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.034 Low
EPSS
Percentile
91.5%
Problem description
A DNSSEC-related validator function in BIND 9.3.0 contains an
inappropriate internal consistency test. When this test is
triggered, named(8) will exit.
Impact
On systems with DNSSEC enabled, a remote attacker may be able
to inject a specially crafted packet that will cause the
internal consistency test to trigger, and named(8) to
terminate. As a result, the name server will no longer be
available to service requests.
Workaround
DNSSEC is not enabled by default, and the “dnssec-enable”
directive is not normally present. If DNSSEC has been
enabled, disable it by changing the “dnssec-enable” directive
to “dnssec-enable no;” in the named.conf(5) configuration
file.