Vigil@nce - ISC Bind: denial of service via Response Policy Zones
August 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force an assertion error during a zone transfer by
ISC Bind, in order to trigger a denial of service.
Impacted products: BIND.
Severity: 2/4.
Creation date: 11/06/2015.
DESCRIPTION OF THE VULNERABILITY
The ISC Bind product includes a DNS server.
It manages zone transfers between mirrored name servers. However,
when such a transfer fails, for instance because of a network
failure, an assertion error occurs because developers did not
except this case, which stops the process.
An attacker can therefore force an assertion error during a zone
transfer by ISC Bind, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/ISC-Bind-denial-of-service-via-Response-Policy-Zones-17105