DoS internal consistency check (DoS_findtype)

Summary: 
A logic error can cause server failure, disabling name service.
CVE: 
CVE-2002-0400
CERT: 
VU#739123
Posting date: 
04 Jun 2002
Program Impacted: 
BIND
Versions affected: 
9.0 - 9.2.0
Severity: 
Serious
Exploitable: 
Remotely
Description: 

BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet. The packet triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL. This issue is also known as DoS_findtype.

Workarounds: 

None.

Active exploits: 
None known at this time.
Solution: 

Upgrade to BIND 9.2.1 or later.
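
To check a server against the affected range above, the following added example (not part of the original advisory or of BIND) classifies a version string such as the one printed by `named -v`. The function name and sample strings are constructed, and it assumes pre-release suffixes such as "rc3" can be ignored so that only the numeric version is compared.

```shell
#!/bin/sh
# Added example: classify a BIND version string against this advisory's
# affected range (9.0 - 9.2.0, fixed in 9.2.1).
# Assumption: pre-release suffixes (e.g. "rc3") are ignored, so a build is
# judged by its numeric major.minor.patch only.

# Prints affected | not-affected | unknown; returns 0, 1 or 2 respectively.
bind_findtype_status() {
    # Extract the first dotted version, e.g. "BIND 9.2.0rc3" -> "9.2.0".
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)\{1,2\}\).*$/\1/p')
    if [ -z "$ver" ]; then
        echo unknown
        return 2
    fi

    # Split on dots; a missing patch level is treated as 0.
    old_ifs=$IFS
    IFS=.
    set -- $ver
    IFS=$old_ifs
    major=$1 minor=$2 patch=${3:-0}

    # Affected: 9.0.x, 9.1.x and 9.2.0 only.
    if [ "$major" -eq 9 ] &&
       { [ "$minor" -lt 2 ] || { [ "$minor" -eq 2 ] && [ "$patch" -eq 0 ]; }; }; then
        echo affected
        return 0
    fi
    echo not-affected
    return 1
}

# Constructed sample strings, not output captured from real servers.
for sample in "BIND 9.1.3" "BIND 9.2.0rc3" "BIND 9.2.1" "8.3.1" "no version"; do
    status=$(bind_findtype_status "$sample") || true
    printf '%-16s %s\n' "$sample" "$status"
done
```

An "unknown" result means the string carried no dotted version number and the server needs a manual check.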
