Short Name |
DNS:ISC-BIND-RRSIG-RESPONSE-DOS |
---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
DNS |
Keywords |
ISC BIND RRSIG Record Response Assertion Failure Denial of Service |
Release Date |
2017/02/09 |
Update Number |
2828 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
A denial-of-service vulnerability has been reported in ISC BIND. The vulnerability is due to a defect that can cause named service to exit with an assertion failure while processing a crafted DNS response packet containing malformed RRSIG record. A remote, unauthenticated attacker could exploit this vulnerability by providing a specially crafted response to the vulnerable server. Successful exploitation could lead to denial-of-service condition.
named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets.