Vigil@nce - ISC BIND: assertion error via DNAME
January 2017 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force an assertion error via DNAME of ISC BIND, in
order to trigger a denial of service.
– Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD,
AIX, BIND, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE
Linux Enterprise Desktop, SLES.
– Severity: 2/4.
– Creation date: 02/11/2016.
DESCRIPTION OF THE VULNERABILITY
The ISC BIND product can be configured in recursive mode.
However, if a DNS reply contains a special DNAME entry, an
assertion error occurs because developers did not expect this
case, which stops the process.
An attacker can therefore force an assertion error via DNAME of
ISC BIND, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/ISC-BIND-assertion-error-via-DNAME-20991