Bug 494543 (CVE-2006-4096) - CVE-2006-4096 INSIST failure in ISC BIND recursive query
Summary: CVE-2006-4096 INSIST failure in ISC BIND recursive query
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2006-4096
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://web.nvd.nist.gov/view/vuln/det...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-04-07 12:28 UTC by Josh Bressers
Modified: 2019-09-29 12:29 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-04-08 22:01:06 UTC


Attachments (Terms of Use)
Patch for this issue (2.00 KB, patch)
2009-04-07 12:32 UTC, Adam Tkac
no flags Details | Diff

Description Josh Bressers 2009-04-07 12:28:06 UTC
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to
cause a denial of service (crash) via a flood of recursive queries, which
cause an INSIST failure when the response is received after the recursion
queue is empty.

Comment 1 Adam Tkac 2009-04-07 12:32:01 UTC
Created attachment 338495 [details]
Patch for this issue

Comment 3 Josh Bressers 2009-04-07 16:51:10 UTC
This is fixed in Red Hat Enterprise Linux 3 and 4 by the patch
bind-9.2.4-bz173961.patch

It was fixed in the errata RHBA-2006:0287 and RHBA-2006:0288.

They are not marked as RHSA errata as the patch went in before it was recognized as being a security relevant fix. The errata do however note the CVE id in question.

Comment 4 Josh Bressers 2009-04-07 16:55:47 UTC
The technical details about fix this flaw can found in bug 173961

Specifically comment #21


Note You need to log in before you can comment on or make changes to this bug.