BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty.
Created attachment 338495 [details] Patch for this issue
This is fixed in Red Hat Enterprise Linux 3 and 4 by the patch bind-9.2.4-bz173961.patch It was fixed in the errata RHBA-2006:0287 and RHBA-2006:0288. They are not marked as RHSA errata as the patch went in before it was recognized as being a security relevant fix. The errata do however note the CVE id in question.
The technical details about fix this flaw can found in bug 173961 Specifically comment #21