Multiple vulnerabilities have been found in the ISC BIND software. A remote attacker could send a specially crafted query to trigger a REQUIRE assertion failure, which may cause BIND to crash. In addition, a flaw in buffer size checking could cause BIND to exit with an INSIST failure.
Both authoritative and recursive name servers are vulnerable to these problems.
> BIND 9.3.x to 9.9.8-P2
> BIND 9.9.3-S1 to 9.9.8-S3
> BIND 9.10.0 to 9.10.3-P2
Successful exploitation could lead to a denial of service (DoS) condition on an affected system.
Internet Systems Consortium (ISC) has released the following patches to fix these problems:
> BIND 9.9.8-P3 or 9.10.3-P3
http://www.isc.org/downloads/
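A version check for the affected ranges listed above, as an added example that is not part of the original advisory or of ISC's tooling: it parses a version string in the style printed by `named -v` and reports whether it falls inside one of the ranges. It assumes "9.3.x" means every 9.3 release, understands only final, -P and -S version strings (anything else returns `None`), and its sample strings are constructed.

```python
import re

# Affected ranges from the advisory, inclusive at both ends.
# Assumption: "9.3.x" covers every 9.3 release, so the lower bound is 9.3.0.
AFFECTED = [
    ("9.3.0", "9.9.8-P2"),
    ("9.9.3-S1", "9.9.8-S3"),   # -S builds are compared only with -S builds
    ("9.10.0", "9.10.3-P2"),
]

# major.minor.patch with an optional -P<n> or -S<n> suffix; alpha/beta/rc
# strings such as "9.10.3rc1" are deliberately not matched.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-([PS])(\d+))?(?![\w.])")


def parse(text):
    """Return (edition, sort_key) for the first version in text, or None."""
    m = _VERSION.search(text)
    if m is None:
        return None
    major, minor, patch, kind, level = m.groups()
    edition = "S" if kind == "S" else "main"
    # A plain release sorts before its -P1, so a missing level counts as 0.
    return edition, (int(major), int(minor), int(patch), int(level or 0))


def is_affected(text):
    """True or False for a parsed version, None if the string is not understood."""
    parsed = parse(text)
    if parsed is None:
        return None
    edition, key = parsed
    for low, high in AFFECTED:
        low_edition, low_key = parse(low)
        _, high_key = parse(high)
        if edition == low_edition and low_key <= key <= high_key:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample strings in the style of `named -v` output.
    for line in ("BIND 9.9.8-P2", "BIND 9.9.8-P3", "BIND 9.9.8-S3",
                 "BIND 9.10.3-P2", "BIND 9.10.3-P3", "BIND 9.10.3rc1"):
        print(f"{line:<16} affected={is_affected(line)}")
```

Distribution packages often carry backported fixes under an unchanged upstream version number, so a `True` result on a vendor build should be confirmed against that vendor's own advisory.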
https://kb.isc.org/article/AA-01335
https://kb.isc.org/article/AA-01336
https://www.us-cert.gov/ncas/current-activity/2016/01/19/Internet-Systems-Consortium-ISC-Releases-Security-Updates-BIND
https://www.hkcert.org/my_url/en/alert/16012002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705