Security Alert (A18-01-11): Vulnerability in ISC BIND


 

Published on: 17 January 2018

  
  

Description:

A vulnerability was found in the ISC BIND software. A remote attacker could send a specially crafted query to trigger an assertion failure which could cause the BIND to crash unexpectedly.

 

Affected Systems:

  • BIND 9.0.0 to 9.8.x,
  • BIND 9.9.0 to 9.9.11,
  • BIND 9.10.0 to 9.10.6,
  • BIND 9.11.0 to 9.11.2,
  • BIND 9.9.3-S1 to 9.9.11-S1,
  • BIND 9.10.5-S1 to 9.10.6-S1,
  • BIND 9.12.0a1 to 9.12.0rc1

 

Impact:

Successful exploitation could lead to a denial of service (DoS) condition on an affected system.

 

Recommendation:

Internet Systems Consortium (ISC) has released the following patches to solve the problems:

  • BIND 9 version 9.9.11-P1
  • BIND 9 version 9.10.6-P1
  • BIND 9 version 9.11.2-P1
  • BIND 9 version 9.12.0rc2
  • BIND 9 version 9.9.11-S2
  • BIND 9 version 9.10.6-S2

http://www.isc.org/downloads/

Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://kb.isc.org/article/AA-01542
https://www.hkcert.org/my_url/en/alert/18011701
https://www.us-cert.gov/ncas/current-activity/2018/01/16/ISC-Releases-Security-Advisories-DHCP-BIND
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145

 



Tag: ISC , BIND
Tags