HP Security Bulletin HPSBOV03540 1 - Potential security vulnerabilities have been identified with the OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS. These vulnerabilities could be exploited remotely resulting in execution of code with the privileges of Bind, disclosure of information, or cause a Denial of Service (DoS). Revision 1 of this advisory.
595a4df292feaba6a50f97e0a2a55b79
Slackware Security Advisory - New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues.
6d53abeab43e9182f488028db246c9aa
Gentoo Linux Security Advisory 201209-4 - Multiple vulnerabilities have been found in BIND, the worst of which may allow remote Denial of Service. Versions less than 9.9.1_p3 are affected.
772058c5f68b14e9fad5087d7b1a9380
Apple Security Advisory 2012-09-19-2 - OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address Apache, BIND, CoreText, Data Security, and many other vulnerabilities.
84dbb60b867b299238ac262bdf6502cf
HP Security Bulletin HPSBUX02795 SSRT100878 2 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.
2ac63459c4954ac66532eae3d73e4c09
Red Hat Security Advisory 2012-1110-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory.
327d8938b02d2846719b5ee50a88fed5
HP Security Bulletin HPSBUX02795 SSRT100878 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
5cb448e96590fbd41462b9c3f092e906
Slackware Security Advisory - This release fixes an issue that could crash BIND, leading to a denial of service. It also fixes the so-called "ghost names attack" whereby a remote attacker may trigger continued resolvability of revoked domain names.
3ba8ed7cb87f3893d6e004f761733b74
FreeBSD Security Advisory - The named(8) server does not properly handle DNS resource records where the RDATA field is zero length, which may cause various issues for the servers handling them. Resolving servers may crash or disclose some portion of memory to the client. Authoritative servers may crash on restart after transferring a zone containing records with zero-length RDATA fields. These would result in a denial of service, or leak of sensitive information.
1675828df069117e998188dd43be8f3b
Mandriva Linux Security Advisory 2012-089 - ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record. The updated packages have been upgraded to bind 9.7.6-P1 and 9.8.3-P1 which is not vulnerable to this issue.
cc95489515da0761cb1aa6a1fe4dfea5
Red Hat Security Advisory 2012-0717-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory.
3e675759c07ddbea8d049de0fa6f6dd8
Red Hat Security Advisory 2012-0716-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory.
3c235e4384835e35527715cd2fe38a71
Ubuntu Security Notice 1462-1 - Dan Luther discovered that Bind incorrectly handled zero length rdata fields. A remote attacker could use this flaw to cause Bind to crash or behave erratically, resulting in a denial of service. It was discovered that Bind incorrectly handled revoked domain names. A remote attacker could use this flaw to cause malicious domain names to be continuously resolvable even after they have been revoked.
a8a4a361e684549df3a403d90bf6d16d
Debian Linux Security Advisory 2486-1 - It was discovered that BIND, a DNS server, can crash while processing resource records containing no data bytes. Both authoritative servers and resolvers are affected.
4972bc1a97a98d96f0f5150fc97da847
ISC Security Advisory - The handling of zero length rdata can cause named to terminate unexpectedly.
715b9dcf68b1e33d7ccfa1359ac8ac2a