FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bind -- Multiple Denial of Service vulnerabilities

Affected packages
named < 9.3.4
Affected systems
6.2 < FreeBSD < 6.2_1
6.1 < FreeBSD < 6.1_13
5.5 < FreeBSD < 5.5_11

Details

VuXML ID 3cb6f059-c69d-11db-9f82-000e0c2e438a
Discovery 2007-02-09
Entry 2007-02-27

Problem Description:

A type * (ANY) query response containing multiple RRsets can trigger an assertion failure.

Certain recursive queries can cause the nameserver to crash by using memory which has already been freed.

Impact:

A remote attacker sending a type * (ANY) query to an authoritative DNS server for a DNSSEC-signed zone can cause the named(8) daemon to exit, resulting in a Denial of Service.

A remote attacker sending recursive queries can cause the nameserver to crash, resulting in a Denial of Service.

Workaround:

There is no workaround available. However, systems which are not authoritative servers for DNSSEC-signed zones are not affected by the first issue, and systems which do not permit untrusted users to perform recursive DNS resolution are not affected by the second issue. Note that the default configuration for named(8) in FreeBSD allows local access only (which on many systems is equivalent to refusing access to untrusted users).

References

CVE Name CVE-2007-0493
CVE Name CVE-2007-0494
FreeBSD Advisory SA-07:02.bind