Security Alert (A17-04-05): Multiple Vulnerabilities in ISC BIND


 

Published on: 13 April 2017

  
  

Description:

Multiple vulnerabilities were found in the ISC BIND software. A remote attacker could send a specially crafted query or command to trigger an assertion failure which could cause the BIND to exit.

Both authoritative and recursive name servers are affected.

 

Affected Systems:

  • BIND 9.8.0 to 9.8.8-P1
  • BIND 9.9.0 to 9.9.9-P7
  • BIND 9.9.3-S1 to 9.9.9-S9
  • BIND 9.9.10b1 to 9.9.10rc2
  • BIND 9.10.0 to 9.10.4-P7
  • BIND 9.10.5b1 to 9.10.5rc2
  • BIND 9.11.0 to 9.11.0-P4
  • BIND 9.11.1b1 to 9.11.1rc2

 

Impact:

Successful exploitation could lead to a denial of service (DoS) condition on an affected system.

 

Recommendation:

Internet Systems Consortium (ISC) has released the following patches to solve the problems:

  • BIND 9.9.9-P8, 9.10.4-P8 and 9.11.0-P5
  • BIND v9.9.9-S10
  • BIND 9.9.10rc3, 9.10.5rc3 and 9.11.1rc3

http://www.isc.org/downloads/

Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://kb.isc.org/article/AA-01465
https://kb.isc.org/article/AA-01466
https://kb.isc.org/article/AA-01471
https://www.us-cert.gov/ncas/current-activity/2017/04/12/ISC-Releases-Security-Updates-BIND
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138 



Tag: BIND , ISC
Tags