CVE-2012-5689

Name of the Vulnerable Software and Affected Versions ISC BIND versions 9.8.x through 9.8.4-P1 ISC BIND versions 9.9.x through 9.9.2-P1

Description The issue allows remote attackers to cause a denial of service, resulting in an assertion failure and the named daemon exiting. This occurs when a query for an AAAA record is made in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule.

Recommendations For ISC BIND versions 9.8.x through 9.8.4-P1, consider adding an AAAA rewrite rule to the Response Policy Zone to prevent the denial of service. For ISC BIND versions 9.9.x through 9.9.2-P1, consider adding an AAAA rewrite rule to the Response Policy Zone to prevent the denial of service. As a temporary workaround, consider restricting access to DNS64 configurations with Response Policy Zones until a patch is available.