Security Alert (A15-09-01): Multiple Vulnerabilities in ISC BIND


 

Published on: 04 September 2015

  
  

Description:

Multiple vulnerabilities are found in the ISC BIND software. A remote attacker could send a specially crafted query to exploit errors in parsing a malformed DNSSEC key or in performing a boundary check in openpgpkey_61.c that would trigger an assertion failure, causing BIND to exit.

Both authoritative and recursive name servers are vulnerable to these problems.


Affected Systems:

  • BIND 9.0.0 to 9.8.8
  • BIND 9.9.0 to 9.9.7-P2
  • BIND 9.10.0 to 9.10.2-P3

Impact:

Successful exploitation could lead to denial of service (DoS) condition on an affected system.


Recommendation:

Internet Systems Consortium (ISC) has released the following patches to solve the problems:

  • BIND 9.9.7-P3 and 9.10.2-P4
    http://www.isc.org/downloads/

Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.


More Information:

https://kb.isc.org/article/AA-01287
https://kb.isc.org/article/AA-01291
https://www.us-cert.gov/ncas/current-activity/2015/09/02/Internet-Systems-Consortium-ISC-Releases-Security-Updates-BIND
https://www.hkcert.org/my_url/en/alert/15090402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5986



Tag: BIND , ISC
Tags