named exits with a REQUIRE assertion failure if it receives a null command string on its control channel

named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.

N/A

N/A

ISC BIND 安全漏洞

ISC BIND是美国Internet Systems Consortium（ISC）公司所维护的一套实现了DNS协议的开源软件。 ISC BIND中存在远程拒绝服务漏洞。远程攻击者可通过发送请求利用该漏洞造成拒绝服务。以下版本受到影响：ISC BIND 9.9.9版本至9.9.9-P7版本，9.9.10b1版本至9.9.10rc2版本，9.10.4版本至9.10.4-P7版本，9.10.5b1版本至9.10.5rc2版本，9.11.0版本至9.11.0-P4版本，9.11.1b1版本至9.11.1rc2

N/A

N/A