Rapid7 Vulnerability & Exploit Database

RHSA-2002:105: Updated bind packages fix denial of service attack

Back to Search

RHSA-2002:105: Updated bind packages fix denial of service attack

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
06/18/2002
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

Version 9 of the bind name prior to version 9.2.1 contain a denial of service vulnerability.

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. Versions of BIND 9 prior to 9.2.1 have a bug that causes certain requests to the BIND name server (named) to fail an internal consistency check, causing the name server to stop responding to requests. This can be used by a remote attacker to cause a denial of service (DOS) attack against name servers. Red Hat Linux 7.1, 7.2 and 7.3 shipped with versions of BIND vulnerable to this issue. All users of BIND are advised to upgrade to the errata packages containing BIND 9.2.1 which is not vulnerable to this issue.

Solution(s)

  • redhat-upgrade-bind
  • redhat-upgrade-bind-devel
  • redhat-upgrade-bind-utils

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;