FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bind9 -- denial of service

Affected packages
bind9 = 9.3.0
5.3 <= FreeBSD < 5.3_16


VuXML ID 30e4ed7b-1ca6-11da-bc01-000e0c2e438a
Discovery 2005-01-25
Entry 2005-09-03

Problem description

A DNSSEC-related validator function in BIND 9.3.0 contains an inappropriate internal consistency test. When this test is triggered, named(8) will exit.


On systems with DNSSEC enabled, a remote attacker may be able to inject a specially crafted packet that will cause the internal consistency test to trigger, and named(8) to terminate. As a result, the name server will no longer be available to service requests.


DNSSEC is not enabled by default, and the "dnssec-enable" directive is not normally present. If DNSSEC has been enabled, disable it by changing the "dnssec-enable" directive to "dnssec-enable no;" in the named.conf(5) configuration file.


CERT/CC Vulnerability Note 938617
CVE Name CVE-2005-0034