Summary
Jan-Piet Mens discovered that the BIND
DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator's part, or due to interference with network traffic by an attacker. This issue affects configurations with the directives 'dnssec-validation auto
' (as enabled in the Debian default configuration) or 'dnssec-lookaside auto
'.
Solution
For the stable distribution (wheezy),
this problem has been fixed in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u4.
We recommend that you upgrade your bind9 packages.
Insight
The Berkeley Internet Name Domain
(BIND) implements an Internet domain name server. BIND is the most widely-used name server software on the Internet, and is supported by the Internet Software Consortium, www.isc.org. This package provides the server and related configuration files.
Affected
bind9 on Debian Linux
Detection
This check tests the installed software
version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2015-1349 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities