FreeBSD : dns/bind9* -- Heavy DNSSEC Validation Load Can Cause a 'Bad Cache' Assertion Failure (0bc67930-d5c3-11e1-bef6-0024e81297ae)

NASLDB: FreeBSD : dns/bind9* -- Heavy DNSSEC Validation Load Can Cause a 'Bad Cache' Assertion Failure (0bc67930-d5c3-11e1-bef6-0024e81297ae)

General

ID: 60114
Name: FreeBSD : dns/bind9* — Heavy DNSSEC Validation Load Can Cause a ‘Bad Cache’ Assertion Failure (0bc67930-d5c3-11e1-bef6-0024e81297ae)

Summary: Checks for updated packages in pkg_info output

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS Temporal Vector: –

Port: 0
Family: FreeBSD Local Security Checks
Type: Local

Description

ISC reports :

High numbers of queries with DNSSEC validation enabled can cause an
assertion failure in named, caused by using a ‘bad cache’ data
structure before it has been initialized.

BIND 9 stores a cache of query names that are known to be failing due
to misconfigured name servers or a broken chain of trust. Under high
query loads when DNSSEC validation is active, it is possible for a
condition to arise in which data from this cache of failing queries
could be used before it was fully initialized, triggering an assertion
failure.

This bug cannot be encountered unless your server is doing DNSSEC
validation.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-3817
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2012/07/24
Patch Release: 2012/07/24
Plugin Release: 2012/07/25

Plugin

Version: 1.4
Filename: freebsd_pkg_0bc67930d5c311e1bef60024e81297ae.nasl
Filesize: 4914 bytes
MD5 Hash: d7fb8d43d45c48b59e7ecf364b8ebfa5

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info
Dependencies: "ssh_get_info.nasl"