Description: A vulnerability been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within the handling of the TSIG in the second or subsequent messages in a zone transfer. This can be exploited to crash "named" via a malformed TSIG in the messages.
Successful exploitation requires that the first zone transfer message have a valid TSIG.
Solution: The vulnerability will reportedly be fixed in a future release.
Do not accept zone-transfers from non-trusted nameservers.
Provided and/or discovered by: Reported by vendor based on DNS Test Tool created by Oulu University Secure Programming Group.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
