CVE-2013-3919: A recursive resolver can be crashed by a query for a malformed zone
A defect exists which allows an attacker to crash a BIND 9 recursive resolver with a RUNTIME_CHECK error in resolver.c
Description:
A bug has been discovered in the most recent releases of BIND 9 which has the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal "RUNTIME_CHECK" error in resolver.c
Impact:
Triggering this defect will cause the affected server to exit with an error, denying service to recursive DNS clients that use that particular server.
Contact Us
TEL 010--58813000
Address:Floor 1, Building 1, Software Park, Chinese Academy of Sciences, 4 South 4th Street, Zhongguancun, Beijing
Postcode:100190
Tel:8610-58813000
Fax:8610-58812666
Website:www.cnnic.cn
www.中国互联网络信息中心.中国
Email:service@cnnic.cn(For Service)
supervise@cnnic.cn(For Complaint)
