Security Alert (A16-09-08): Vulnerability in ISC BIND


 

Published on: 28 September 2016

  
  

Description:

A vulnerability was found in the ISC BIND software. A remote attacker could send a specially crafted query to trigger an assertion failure which could cause the BIND to exit.

All name servers are vulnerable if they can receive request packets from any source.

 

Affected Systems:

  • BIND 9.0.x to 9.8.x
  • BIND 9.9.0 to 9.9.9-P2
  • BIND 9.9.3-S1 to 9.9.9-S3
  • BIND 9.10.0 to 9.10.4-P2
  • BIND 9.11.0a1 to 9.11.0rc1 

 

Impact:

Successful exploitation could lead to a denial of service (DoS) condition on an affected system. 

 

Recommendation:

Internet Systems Consortium (ISC) has released the following patches to solve the problems:

  • BIND 9.9.9-P3, 9.10.4-P3 and 9.11.0rc3
    http://www.isc.org/downloads/

Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://kb.isc.org/article/AA-01419
https://www.hkcert.org/my_url/en/alert/16092801
https://www.us-cert.gov/ncas/current-activity/2016/09/27/ISC-Releases-Security-Updates-BIND
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776 



Tag: BIND , ISC
Tags