FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

BIND -- Remote DOS

Affected packages
7.3 <= FreeBSD < 7.3_9
7.4 <= FreeBSD < 7.4_5
8.1 <= FreeBSD < 8.1_7
8.2 <= FreeBSD < 8.2_5
bind96 < 9.6.3.1.ESV.R5.1
bind97 < 9.7.4.1
bind98 < 9.8.1.1

Details

VuXML ID 90cc1494-10ac-11e1-b3ec-0024e830109b
Discovery 2011-11-16
Entry 2011-11-16
Modified 2012-01-29

The Internet Systems Consortium reports:

Organizations across the Internet reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))". Multiple versions were reported being affected, including all currently supported release versions of ISC BIND 9.

Because it may be possible to trigger this bug even on networks that do not allow untrusted users to access the recursive name servers (perhaps via specially crafted e-mail messages, and/or malicious web sites), it is recommended that ALL operators of recursive name servers upgrade immediately.

References

CVE Name CVE-2011-4313
FreeBSD Advisory SA-11:06.bind
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313
URL https://www.isc.org/software/bind/advisories/cve-2011-4313