Reported June 5, 2002, by Internet Security Systems.
· Internet Software Consortium’s BIND 9.0 to 9.2.1
A Denial of Service (DoS) condition exists in Internet Software Consortium’s BIND DNS software. This vulnerability stems from a logic error that exists in BIND that lets remote attackers cause the DNS server running ISC BIND 9.0 to 9.2.1 to fail, shut down, and manually restart. The dns_message_findtype() routine contains this DoS vulnerability. Under typical operating conditions, the rdataset variable is non-null. This exploit forces rdataset to be null, or empty, which causes an error and calls abort(), which shuts down the server.
Discovered by Internet Software Consortium.