Red Hat Bugzilla – Bug 514481
BIND denial of service (server crash) caused by receipt of a specific remote dynamic update message
Last modified: 2013-04-30 19:44:21 EDT
Receipt of a specially-crafted dynamic update message to a zone for which the server is the master may cause BIND 9 servers to exit. Testing indicates that the attack packet has to be formulated against a zone for which that machine is a master. Launching the attack against slave zones does not trigger the assert.
This vulnerability affects all servers that are masters for one or more zones – it is not limited to those that are configured to allow dynamic updates. Access controls will not provide an effective workaround.
Duplicate of #514292.
(Unfortunately it seems I can't update the status of my own ticket to duplicate?)
*** This bug has been marked as a duplicate of bug 514292 ***