DNS: BIND OPT DoS
This protocol anomaly detects a suspiciously long OPT resource record. All versions of BIND up to version 8.3.3 are vulnerable to a denial-of-service attack. Using an OPT resource record that has a very large UDP payload size; an attacker, by requesting a subdomain that does not exist, can crash the server.
Extended Description
ISC BIND is vulnerable to a denial of service attack. When a DNS lookup is requested on a non-existant sub-domain of a valid domain and an OPT resource record with a large UDP payload is attached, the server may fail.
Affected Products
Sun cobalt_raq_xtr,Sun solaris
Short Name
DNS:OVERFLOW:OPT-DOS
Severity
Critical
Recommended
False
Recommended Action
Drop Packet
Category
DNS
Keywords
CVE-2002-1220 bid:6161 dns dos opt
Release Date
01/29/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Sco
Compaq
Sun
Hp
Freebsd
Astaro
Isc
CVSS Score
5.0