Bug 494543 - (CVE-2006-4096) CVE-2006-4096 INSIST failure in ISC BIND recursive query
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: high, Severity: high
Assigned To: Red Hat Product Security
URL: http://web.nvd.nist.gov/view/vuln/det...
Whiteboard: impact=important,source=niscc,reporte...
Keywords: Security
Reported: 2009-04-07 08:28 EDT by Josh Bressers
Modified: 2010-04-08 18:01 EDT
Doc Type: Bug Fix
Last Closed: 2010-04-08 18:01:06 EDT

Attachments
Patch for this issue (2.00 KB, patch)
2009-04-07 08:32 EDT, Adam Tkac
Description Josh Bressers 2009-04-07 08:28:06 EDT
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to
cause a denial of service (crash) via a flood of recursive queries, which
cause an INSIST failure when the response is received after the recursion
queue is empty.
Comment 1 Adam Tkac 2009-04-07 08:32:01 EDT
Created attachment 338495
Patch for this issue
Comment 3 Josh Bressers 2009-04-07 12:51:10 EDT
This is fixed in Red Hat Enterprise Linux 3 and 4 by the patch
bind-9.2.4-bz173961.patch

It was fixed in the errata RHBA-2006:0287 and RHBA-2006:0288.

They are not marked as RHSA errata as the patch went in before it was recognized as being a security relevant fix. The errata do however note the CVE id in question.
Comment 4 Josh Bressers 2009-04-07 12:55:47 EDT
The technical details about the fix for this flaw can be found in bug 173961

Specifically comment #21
