FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bind -- denial of service vulnerability

Affected packages
bind910 < 9.10.2P2
bind99 < 9.9.7P1
0 < bind910-base
0 < bind99-base
9.3 <= FreeBSD < 9.3_19
8.4 <= FreeBSD < 8.4_33

Details

VuXML ID c93533a3-24f1-11e5-8b74-3c970e169bc2
Discovery 2015-07-07
Entry 2015-07-07
Modified 2016-08-09

ISC reports:

A very uncommon combination of zone data has been found that triggers a bug in BIND, with the result that named will exit with a "REQUIRE" failure in name.c when validating the data returned in answer to a recursive query.

A recursive resolver that is performing DNSSEC validation can be deliberately terminated by any attacker who can cause a query to be performed against a maliciously constructed zone. This will result in a denial of service to clients who rely on that resolver.

References

CVE Name CVE-2015-4620
FreeBSD Advisory SA-15:11.bind
URL https://kb.isc.org/article/AA-01267/