DNS: ISC BIND RRSIG Query With RPZ Denial of Service

A denial-of-service vulnerability exists in ISC BIND. It is caused by an assertion failure when processing RRSIG queries if Response Policy Zones (RPZ) are configured to force a specific RRSet for some name. A remote attacker may exploit this vulnerability by sending RRSIG requests to the vulnerable server. Successful exploitation triggers the assertion failure and crashes the server, resulting in a denial-of-service condition.

Extended Description

ISC BIND is prone to a remote denial-of-service vulnerability because the software fails to properly handle certain record types. An attacker can exploit this issue to cause the application process to crash, denying service to legitimate users. NOTE: This issue only affects BIND users who use the RPZ feature configured for RRset replacement. ISC BIND version 9.8.0 is vulnerable.
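For triage on a resolver that uses RPZ, the following added example (not part of the original entry and not the vendor's signature logic) parses DNS query payloads and groups RRSIG-type queries by source address. It assumes that matching on query type 46 is a reasonable approximation of the condition described above; the function names and sample payloads are constructed for illustration.

```python
import struct
from collections import defaultdict

RRSIG = 46  # RR type code for RRSIG (RFC 4034)

def parse_question(msg):
    """Return (qname, qtype) for the first question of a DNS query, else None."""
    if len(msg) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", msg[2:6])
    if flags & 0x8000 or qdcount < 1:      # QR bit set means a response
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            return None                     # name runs past the end of the packet
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(msg):
            return None                     # pointer/invalid label or truncation
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(msg):
        return None
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels) + ".", qtype

def rrsig_queries_by_source(packets):
    """packets: iterable of (src_ip, udp_payload). Returns {src_ip: [qname, ...]}."""
    hits = defaultdict(list)
    for src, payload in packets:
        q = parse_question(payload)
        if q and q[1] == RRSIG:
            hits[src].append(q[0])
    return dict(hits)

# Constructed sample payloads (not captured traffic); addresses are documentation ranges.
HDR_QUERY = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
HDR_REPLY = b"\x12\x34\x81\x80\x00\x01\x00\x00\x00\x00\x00\x00"
QNAME = b"\x03www\x07example\x03com\x00"
SAMPLE = [
    ("192.0.2.10", HDR_QUERY + QNAME + b"\x00\x01\x00\x01"),    # A query
    ("198.51.100.7", HDR_QUERY + QNAME + b"\x00\x2e\x00\x01"),  # RRSIG query
    ("198.51.100.7", HDR_REPLY + QNAME + b"\x00\x2e\x00\x01"),  # response, ignored
    ("203.0.113.5", HDR_QUERY + QNAME[:9]),                     # truncated name
]

if __name__ == "__main__":
    print(rrsig_queries_by_source(SAMPLE))
```

A hit only matters on servers matching the NOTE above: BIND 9.8.0 with RPZ configured for RRset replacement.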

Affected Products

Red_hat fedora

References

BugTraq: 47734

CVE: CVE-2011-1907

Short Name: DNS:BIND-RRSIG-QUERY-DOS

Severity: Major

Recommended: False

Recommended Action: Drop

Category: DNS

Keywords: BIND CVE-2011-1907 Denial ISC Query RPZ RRSIG Service With bid:47734 of

Release Date: 06/02/2011

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3375

False Positive: Unknown

Vendors

Red_hat

CVSS Score

5.0
