Bug 25673 - CVE-2011-1910: Large RRSIG RRsets and Negative Caching can crash named
Summary: CVE-2011-1910: Large RRSIG RRsets and Negative Caching can crash named
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: bind9.8 (show other bugs)
Version: unstable
Hardware: all Linux
: P3 blocker
Assignee: Michael Shigorin
QA Contact: qa-sisyphus
URL: http://www.isc.org/software/bind/advi...
Keywords: security
Depends on:
Blocks:
 
Reported: 2011-05-27 13:08 MSK by Vladimir Lettiev
Modified: 2011-08-12 14:02 MSK (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Lettiev 2011-05-27 13:08:08 MSK
A BIND 9 DNS server set up to be a caching resolver is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache a response. This can cause the BIND 9 DNS server (named process) to crash.
Upgrade to 9.8.0-P2
Comment 1 Vladimir Lettiev 2011-08-12 14:01:11 MSK
 * Sun Jun 12 2011 Victor Forsiuk <force@altlinux.org> 9.8.0-alt0.2
 - 9.8.0-P2 (security fixes for CVE-2011-1907 and CVE-2011-1910).