FreeBSD -- named(8) DNSSEC validation Denial of Service

Description:

Problem description:

BIND 9 stores a cache of query names that are known to be failing due to misconfigured name servers or a broken chain of trust. Under high query loads, when DNSSEC validation is active, it is possible for a condition to arise in which data from this cache of failing queries could be used before it was fully initialized, triggering an assertion failure.

References:

FreeBSD security advisory FreeBSD-SA-12:05.bind
CVE name CVE-2012-3817

Affects:

FreeBSD >=7.4 <7.4_10
FreeBSD >=8.1 <8.1_13
FreeBSD >=8.2 <8.2_10
FreeBSD >=8.3 <8.3_4
FreeBSD >=9.0 <9.0_4

portaudit: FreeBSD -- named(8) DNSSEC validation Denial of Service

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Team. Refer to "FreeBSD Security Information" for more information.

Oliver Eikemeier <eik@FreeBSD.org>