Release date:
Updated on: 2014-05-10
Affected Systems:
Isc bind 9.10.0
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2014-3214
BIND is a widely used DNS protocol.
After the recursive name server is enabled in isc bind 9.10.0, the prefetch implementation in named has a security vulnerability, which allows remote attackers to trigger a response with unknown attributes through DNS requests, resulting in DOS.
<* Source: Jeremy Reed
Link: https://kb.isc.org/article/AA-01161
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
ISC
---
ISC has released a Security Bulletin (AA-01161) and corresponding patches for this:
AA-01161: CVE-2014-3214: A Defect in Prefetch Can Cause Recursive Servers to Crash
Link: https://kb.isc.org/article/AA-01161
Patch download: http://www.isc.org/downloads
This article permanently updates the link address: