FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- named(8) DNSSEC validation Denial of Service

Affected packages
7.4 <= FreeBSD < 7.4_10
8.1 <= FreeBSD < 8.1_13
8.2 <= FreeBSD < 8.2_10
8.3 <= FreeBSD < 8.3_4
9.0 <= FreeBSD < 9.0_4

Details

VuXML ID 0f020b7b-e033-11e1-90a2-000c299b62e1
Discovery 2012-07-24
Entry 2012-08-07

Problem description:

BIND 9 stores a cache of query names that are known to be failing due to misconfigured name servers or a broken chain of trust. Under high query loads, when DNSSEC validation is active, it is possible for a condition to arise in which data from this cache of failing queries could be used before it was fully initialized, triggering an assertion failure.

References

CVE Name CVE-2012-3817
FreeBSD Advisory SA-12:05.bind