DNS: BIND 9 RT Record Reply Exploit

This signature detects a protocol anomaly in which the rdataset parameter passed to the dns_message_findtype() function in message.c is not NULL. In BIND 9 (up to 9.2.0), attackers can use this condition to trigger an assertion failure that shuts the server down. Note: Common queries in routine operations (such as SMTP queries) can trigger this anomaly.

Extended Description

BIND is a server program that implements the domain name service protocol. It is in extremely wide use on the Internet and runs on most DNS servers. A vulnerability has been reported in some versions of BIND 9. Under some circumstances, the name server, named, may fail an internal consistency check. As a result, the server shuts down and is no longer available to respond to further DNS requests. It has been reported that some HP products may ship with vulnerable versions of BIND 9, as does Caldera Open UNIX.

Affected Products

ISC BIND

Short Name: DNS:EXPLOIT:EXPLOIT-BIND9-RT
Severity: Major
Recommended: False
Recommended Action: Drop Packet
Category: DNS
Keywords: CA-2002-15 CVE-2002-0400 bid:4936
Release Date: 04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336
False Positive: Unknown
Vendors

ISC

CVSS Score

5.0
