Vigil@nce - ISC BIND: denial of service via GeoIP
December 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force an assertion error in GeoIP of ISC BIND, in
order to trigger a denial of service.
Impacted products: BIND
Severity: 2/4
Creation date: 09/12/2014
DESCRIPTION OF THE VULNERABILITY
The ISC BIND product can be compiled with "--with-geoip", in order
to enable the GeoIP geolocation feature.
However, when special queries concern IPv6, an assertion error
occurs because the developers did not expect this case, and the
process stops.
An attacker can therefore force an assertion error in GeoIP of ISC
BIND, in order to trigger a denial of service.
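Since the issue only concerns builds compiled with the GeoIP option, a first triage step is to inspect the configure arguments that `named -V` reports. The script below is an added example, not part of the Vigil@nce bulletin; the function name and the sample `named -V` lines (with a placeholder version) are constructed, and it assumes the build prints its configure arguments.

```shell
#!/bin/sh
# Triage helper: was this BIND build compiled with the GeoIP feature?
# Works on the text printed by `named -V`, which lists the configure arguments.

# geoip_build_status TEXT -> prints "yes" or "no"
# Later configure options override earlier ones, so the last GeoIP flag wins.
geoip_build_status() {
    printf '%s\n' "$1" \
        | tr -d "'\"" \
        | tr -s ' \t' '\n\n' \
        | awk '
            # Explicitly disabled forms
            $0 == "--without-geoip" || $0 == "--with-geoip=no" { s = "no"; next }
            # Enabled forms: bare flag or flag with a library path
            $0 == "--with-geoip" || index($0, "--with-geoip=") == 1 { s = "yes" }
            END { print (s == "" ? "no" : s) }'
}

# Constructed sample outputs (version is a placeholder, not taken from the bulletin)
SAMPLE_GEOIP="BIND 9.x.y built by make with '--prefix=/usr' '--with-geoip=/usr' '--with-openssl'"
SAMPLE_PLAIN="BIND 9.x.y built by make with '--prefix=/usr' '--without-geoip'"

echo "sample with GeoIP:    $(geoip_build_status "$SAMPLE_GEOIP")"
echo "sample without GeoIP: $(geoip_build_status "$SAMPLE_PLAIN")"

# Check the locally installed binary, if there is one
if command -v named >/dev/null 2>&1; then
    echo "local named:          $(geoip_build_status "$(named -V 2>&1)")"
fi
```

A "yes" only means the GeoIP code is compiled in; whether the installed version is fixed has to be checked against the vendor advisory.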
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/ISC-BIND-denial-of-service-via-GeoIP-15755