PROBLEM:
ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability
PLATFORM:
BIND 9.6-ESV-R1 through versions 9.6-ESV-R7-P1
BIND 9.7.1 through versions 9.7.6-P1
BIND 9.8.0 through versions 9.8.3-P1
BIND 9.9.0 through versions 9.9.1-P1
ABSTRACT:
ISC BIND is prone to a denial-of-service vulnerability.
reference LINKS:
The Vendor's Advisory
CVE-2012-3817
Bugtraq ID: 54658
SecurityTracker Alert ID: 1027296
IMPACT ASSESSMENT:
High
Discussion:
When DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.
Impact:
An attacker can exploit this issue to cause an assertion failure in the 'named' process, denying service to legitimate users. This issue may also be exploited to disclose certain memory information to clients.