Reference: CERT-EU Security Advisory 2013-0049

Title: Denial of Service on BIND nameservers [1]

Version history:
06.06.2013 Initial publication

Summary
=======
A defect exists which allows an attacker to crash a BIND 9 recursive resolver with a RUNTIME_CHECK error in resolver.c. At the time of this advisory no intentional exploitation of this bug has been observed in the wild.

CVE Numbers:
CVE-2013-3919 

CVSS v2 Base Score: 7.8 (HIGH) (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Vulnerable systems
==================
BIND 9.6-ESV-R9, 9.8.5, and 9.9.3

Original Details
================
A bug has been discovered in the most recent releases of BIND 9 which has the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal "RUNTIME_CHECK" error in resolver.c.

What can you do?
================
New versions of BIND are being provided which contain a fix for the defect. The recommended solution is to upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from the ISC site [2]:

BIND 9 version 9.9.3-P1
BIND 9 version 9.8.5-P1
BIND 9 version 9.6-ESV-R9-P1
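
Added example (not part of the original advisory or of ISC's tooling): a shell check that classifies BIND version strings against the affected and fixed releases listed above, matching the version token exactly so that 9.9.3-P1 is not mistaken for 9.9.3. The "BIND <version>" line format, the function names and the sample hostnames are assumptions.

```shell
#!/bin/sh
# Classify BIND version strings against the releases named in this advisory.
# Matching is exact on the version token: a substring match on "9.9.3"
# would wrongly flag the fixed release 9.9.3-P1.

# Reduce "BIND 9.9.3-P1 (extra text)" or a bare "9.9.3" to the version token.
bind_version_token() {
    printf '%s\n' "$1" | sed -e 's/^[Bb][Ii][Nn][Dd] *//' -e 's/[ (].*$//'
}

# Print the advisory status for one version string.
classify_bind() {
    v=$(bind_version_token "$1")
    case "$v" in
        9.9.3)      echo "affected: upgrade to 9.9.3-P1" ;;
        9.8.5)      echo "affected: upgrade to 9.8.5-P1" ;;
        9.6-ESV-R9) echo "affected: upgrade to 9.6-ESV-R9-P1" ;;
        9.9.3-P1|9.8.5-P1|9.6-ESV-R9-P1) echo "patched" ;;
        *)          echo "not listed in advisory" ;;
    esac
}

# Read "host version-line" pairs on stdin and report one line per host.
audit_inventory() {
    while read -r host line; do
        [ -n "$host" ] || continue
        printf '%s\t%s\n' "$host" "$(classify_bind "$line")"
    done
}

# Constructed sample inventory; hostnames are placeholders.
sample_inventory() {
    cat <<'EOF'
ns1.example.test BIND 9.9.3
ns2.example.test BIND 9.9.3-P1
ns3.example.test 9.6-ESV-R9
ns4.example.test BIND 9.8.4-P2
EOF
}

sample_inventory | audit_inventory
```
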

What to tell your users?
========================
N/A

More information
================
[1] https://kb.isc.org/article/AA-00967/
[2] http://ftp.isc.org/isc/bind9

Best regards,

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement:
http://cert.europa.eu/cert/plainedition/en/cert_privacy.html