dns/bind9* -- A recursive resolver can be crashed by a query for a malformed zone

ID 72F35727-CE83-11E2-BE04-005056A37F68
Type freebsd
Reporter FreeBSD
Modified 2013-06-07T00:00:00


ISC reports:

A bug has been discovered in the most recent releases of BIND 9 which has the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal "RUNTIME_CHECK" error in resolver.c.