FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Incorrect handling of zero-length RDATA fields in named(8)

Affected packages
7.4 <= FreeBSD < 7.4_9
8.1 <= FreeBSD < 8.1_11
8.2 <= FreeBSD < 8.2_9
8.3 <= FreeBSD < 8.3_3
9.0 <= FreeBSD < 9.0_3

Details

VuXML ID fc5231b6-c066-11e1-b5e0-000c299b62e1
Discovery 2012-06-12
Entry 2012-06-27

Problem description:

The named(8) server does not properly handle DNS resource records where the RDATA field is zero length, which may cause various issues for the servers handling them.

Resolving servers may crash or disclose some portion of memory to the client. Authoritative servers may crash on restart after transferring a zone containing records with zero-length RDATA fields. These would result in a denial of service, or leak of sensitive information.

References

CVE Name CVE-2012-1667
FreeBSD Advisory SA-12:03.bind