A flaw in ISC BIND was reported [1] where a recursive nameserver could be caused to crash if it recieved a query for a record in a specially malformed zone. A remote attacker could use this flaw to remotely exploit (Denial of Service) a recursive nameserver, by sending a query for a malformed zone, which could cause BIND to exit with a fatal "RUNTIME_CHECK" error in resolver.c [1] https://kb.isc.org/article/AA-00967 Affected versions: BIND 9.6-ESV-R9, 9.8.5, and 9.9.3 are affected Note: Versions 9.6.0 through 9.6-ESV-R8, 9.8.0 through 9.8.4-P2, and 9.9.0 through 9.9.2-P2 ARE NOT affected. Also other major branches of BIND (e.g. 9.7, 9.5, etc) are NOT vulnerable to this flaw.
Created attachment 757073 [details] diff of bind-9.6-ESV-R9-P1 and bind-9.6-ESV-R9
Statement: Not Vulnerable. This issue does not affect the version of bind as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of bind97 as shipped with Red Hat Enterprise Linux 5.
Fedora 17 ships bind-9.9.2-7.P2.fc17 and Fedora 18 ships bind-9.9.2-10.P2.fc18, and therefore are not affected by this issue. However the update candidates for bind are affected: https://admin.fedoraproject.org/updates/dhcp-4.2.5-2.fc17,dnsperf-2.0.0.0-3.fc17,bind-dyndb-ldap-2.5-2.fc17,bind-9.9.3-2.fc17 https://admin.fedoraproject.org/updates/bind-dyndb-ldap-2.6-2.fc18,dnsperf-2.0.0.0-4.fc18,dhcp-4.2.5-12.fc18,bind-9.9.3-2.fc18 https://admin.fedoraproject.org/updates/FEDORA-2013-9984/bind-9.9.3-2.fc19 Please schedule an update to replace these builds with the fixed versions.