Skip to main content

ISC BIND DNS Resource Records Handling Vulnerability

Last Update Date: 5 Jun 2012 12:04 Release Date: 5 Jun 2012 5389 Views

RISK: High Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A vulnerability has been identified in ISC BIND, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

The vulnerability is caused due to an error when handling DNS resource records and can be exploited to e.g. cause recursive servers to crash or disclose certain memory to clients via records containing zero length rdata.


Impact

  • Denial of Service

System / Technologies affected

  • ISC BIND 9.2.x
  • ISC BIND 9.3.x
  • ISC BIND 9.4.x
  • ISC BIND 9.5.x
  • ISC BIND 9.6.x
  • ISC BIND 9.7.x
  • ISC BIND 9.8.x
  • ISC BIND 9.9.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 9.6-ESV-R7-P1, 9.7.6-P1, 9.8.3-P1, or 9.9.1-P1.

 


Vulnerability Identifier


Source


Related Link