MNBSD-2014-0: named crash handling NSEC3-signed zones

Severity: Unknown

Affected Package: bind

Summary: named crash handling NSEC3-signed zones

Description

A defect in BIND 9.8's handling of queries for NSEC3-signed zones allowed a remote attacker to crash named via an INSIST assertion failure in query_findclosestnsec3() by sending a crafted DNS query to an authoritative name server serving NSEC3-signed zones, resulting in a denial of service. Authoritative servers not serving NSEC3-signed zones are not affected.

Affected Versions

bind

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2014-0591

Published: January 14, 2014
Last Modified: January 14, 2014