Isc bind 9 RRSIG Query Remote Denial of Service Vulnerability

Release date:
Updated on:

Affected Systems:
RedHat Fedora 15
Description:
--------------------------------------------------------------------------------
Bugtraq id: 47734
Cve id: CVE-2011-1907

BIND is the implementation of a widely used DNS protocol, which is maintained by ISC and developed by Nominum.

The isc bind has a remote denial of service (DoS) vulnerability. Attackers can exploit this vulnerability to cause the application process to crash and target users.

This issue only affects BIND users who use the configured RPZ function to replace RRset. BIND 9.8.0 introduces the RPZ mechanism to modify the DNS response returned by the recursive server based on a group of rules. In a typical configuration, RPZ is used to force the NXDOMAIN response of suspicious names, and also to replace RRset. When RPZ is used, the RRSIG query with the name type replaced by RRset will trigger the assertion failure and cause the DNS process to exit.

<* Source: Mitsuru Shimamura

Link: https://www.isc.org/CVE-2011-1907
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

RedHat
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.redhat.com/apps/support/errata/index.html