Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
21 CVE-2012-1667: Handling of zero length rdata can cause named to terminate unexpectedly

Processing of DNS resource records where the rdata field is zero length may cause various issues for the servers handling them. CVE: CVE-2012-1667 Document Version: 1.4 Posting date: 04 Jun 2012 Program Impacted: BIND Versions affected: 9.0.x -> 9.6.x,…

22 CVE-2012-1033: Ghost Domain Names: Revoked Yet Still Resolvable

After completing our analysis of the DNS exploit reported by Professor Haixin Duan of Tsinghua University, ISC has determined that the behavior he describes, while verifiable, is due to design issues in the DNS protocol. No immediate steps are planned to…

23 CVE-2011-4313 FAQ and Supplemental Information

About This Document For up to date information on this vulnerability, patches, and other operational information, please see the official vulnerability announcement. This article is intended to supplement the information in that announcement and will be updated…

24 CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c

Organizations across the Internet reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))"…

25 CVE-2011-0414: BIND -- Server Lockup Upon IXFR or DDNS Update Combined With High Query Rate

When an authoritative server processes a successful IXFR transfer or a dynamic update, there is a small window of time during which the IXFR/update coupled with a query may cause a deadlock to occur. CVE: CVE-2011-0414 CERT: VU#559980 Document Version: 1.1…

26 CVE-2011-1907: RRSIG Queries Can Trigger Server Crash When Using Response Policy Zones

RRSIG Queries Can Trigger Server Crash When Using Response Policy Zones When a name server is configured with a response policy zone (RPZ), queries for type RRSIG can trigger a server crash. CVE: CVE-2012-1907 Document Version: 1.1 Posting date: 05 May 2011…

27 CVE-2011-1910: Large RRSIG RRsets and Negative Caching Can Crash named

Large RRSIG RRsets and Negative Caching Can Crash named A BIND 9 DNS server set up to be a caching resolver is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache a response. This can cause…

28 CVE-2011-2465: ISC BIND 9 Remote Crash With Certain RPZ Configurations

ISC BIND 9 Remote Crash with Certain RPZ Configurations Two defects were discovered in ISC's BIND 9 code. These defects only affect BIND 9 servers which have recursion enabled and which use a specific feature of the software known as Response Policy Zones…

29 CVE-2011-2464: ISC BIND 9 Remote Packet Denial of Service Against Authoritative and Recursive Servers

ISC BIND 9 Remote packet Denial of Service against Authoritative and Recursive Servers A specially constructed packet will cause BIND 9 ("named") to exit, affecting DNS service. CVE: CVE-2011-2464 Document Version: 2.1 Posting date: 05 Jul 2011 Program Impacted:…