FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dns/bind9* -- A recursive resolver can be crashed by a query for a malformed zone

Affected packages
9.9.3 < bind99 < 9.9.3.1
9.9.3 < bind99-base < 9.9.3.1
9.8.5 < bind98 < 9.8.5.1
9.8.5 < bind98-base < 9.8.5.1
9.6.3.1.ESV.R9 < bind96 < 9.6.3.2.ESV.R9
9.6.3.1.ESV.R9 < bind96-base < 9.6.3.2.ESV.R9

Details

VuXML ID 72f35727-ce83-11e2-be04-005056a37f68
Discovery 2013-06-04
Entry 2013-06-06
Modified 2013-06-07

ISC reports:

A bug has been discovered in the most recent releases of BIND 9 which has the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal "RUNTIME_CHECK" error in resolver.c.

References

CVE Name CVE-2013-3919