Edit Report

Our sensors found this exploit at:

Below is a copy:

libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet, as demonstrated by an attack against named, dig, or delv.

BIND 9.10.0-P2 is a security fix release of BIND 9.10 which also includes changes to address GCC optimization issues described in ISC Operational Notification

This document summarizes features added or significantly changed since the previous major release, BIND 9.9. Bug fixes since BIND 9.10.0 are also summarized. Changes marked with '**' have been added since the previous release (BIND 9.10.0-P1). Please see the CHANGES file in the source code release for a complete list of all changes.


- A query specially crafted to exploit a defect in EDNS option processing can cause named to terminate with an assertion failure. This fixes a missing isc_buffer_availablelength check when printing out a packet.  [CVE-2014-3859] [RT #36078] **
- A programming error in the prefetch feature could cause named to crash with a "REQUIRE" assertion failure in name.c [CVE-2014-3214] [RT #35899]

Copyright ©2023 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.