A vulnerability has been found in the Internet Systems Consortium (ISC) BIND software. A remote attacker could send specially crafted packets to exploit an error in the handling of TKEY queries and trigger a REQUIRE assertion failure, causing BIND to exit. Access control lists or configuration options limiting or denying service cannot prevent the problem.
Both authoritative and recursive name servers are vulnerable to this problem.
Successful exploitation could lead to a denial of service (DoS) condition on an affected system.
ISC has released the following patches to solve the problem:
Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
https://kb.isc.org/article/AA-01272
https://www.us-cert.gov/ncas/current-activity/2015/07/28/Internet-Systems-Consortium-ISC-Releases-Security-Updates-BIND
https://exchange.xforce.ibmcloud.com/vulnerabilities/105120
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477