Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

jeudi 23 janvier 2014

Denial of Service on Bind BIND nameservers (CERT-EU Security Advisory 2014-007)

Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. By exploiting this defect an attacker deliberately constructing a query with the right properties could achieve denial of service against an authoritative nameserver serving NSEC3-signed zones.

Lien vers l'article source

Auteur: Cert EU

Catégories: CertEUNombre de vues: 215

x

Événements SSI