-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2012-0068

Title: Denial of Service vulnerability in ISC BIND [1]

Version history:
06.06.2012 Initial publication

Summary and Potential impact
============================
CVE-2012-1667: Handling of zero length rdata can cause named to
terminate unexpectedly

CVSS Score: 8.5 HIGH [2]
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:C)

A problem in BIND was uncovered while testing with experimental DNS
record types. It is possible to add records to BIND with null (zero
length) rdata fields.

Processing of these records may lead to unexpected outcomes. Recursive
servers may crash or disclose some portion of memory to the client.
Secondary servers may crash on restart after transferring a zone
containing these records. Master servers may corrupt zone data if the
zone option "auto-dnssec" is set to "maintain". Other unexpected
problems that are not listed here may also be encountered.

Impact:

- - This issue primarily affects recursive nameservers.
- - Authoritative nameservers will only be impacted if an administrator
configures experimental record types with no data. If the server is
configured this way, then secondaries can crash on restart after
transferring that zone. Zone data on the master can become corrupted if
the zone with those records has named configured to manage the DNSSEC
key rotation.

Vulnerable Systems
==================
BIND versions 9.0.x -> 9.6.x, 9.4-ESV -> 9.4-ESV-R5-P1,
9.6-ESV -> 9.6-ESV-R7, 9.7.0 -> 9.7.6, 9.8.0 -> 9.8.3, 9.9.0 -> 9.9.1

What can you do?
================
Some vendors and maintainers of Linux distributions (including Debian
and Ubuntu) have already issued an update for the BIND package.

Please refer to the vendor or maintainer of your software for exact
information about updates.


What to tell your users?
========================
N/A

More information
================
[1] ISC advisory http://www.isc.org/software/bind/advisories/cve-2012-1667
[2] More information about CVSS is available at:
http://www.first.org/cvss/cvss-guide.html

Best regards,

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement:
http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----