BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to
cause a denial of service (crash) via a flood of recursive queries, which
cause an INSIST failure when the response is received after the recursion
queue is empty.
Created attachment 338495 [details]
Patch for this issue
This is fixed in Red Hat Enterprise Linux 3 and 4 by the patch
It was fixed in the errata RHBA-2006:0287 and RHBA-2006:0288.
They are not marked as RHSA errata as the patch went in before it was recognized as being a security relevant fix. The errata do however note the CVE id in question.
The technical details about fix this flaw can found in bug 173961
Specifically comment #21