FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

BIND -- Large RRSIG RRsets and Negative Caching DoS

Affected packages
bind9-sdb-ldap < 9.4.3.4
bind9-sdb-postgresql < 9.4.3.4
bind96 < 9.6.3.1.ESV.R4.1
bind97 < 9.7.3.1
bind98 < 9.8.0.2
Affected systems
7.3 < FreeBSD < 7.3_6
7.4 < FreeBSD < 7.4_2
8.1 < FreeBSD < 8.1_4
8.2 < FreeBSD < 8.2_2

Details

VuXML ID 1e1421f0-8d6f-11e0-89b4-001ec9578670
Discovery 2011-05-26
Entry 2011-06-04

ISC reports:

A BIND 9 DNS server set up to be a caching resolver is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache a response. This can cause the BIND 9 DNS server (named process) to crash.

References

CVE Name CVE-2011-1910
FreeBSD Advisory SA-11:02.bind
URL http://www.isc.org/software/bind/advisories/cve-2011-1910