Skip to main content

ISC BIND Denial of Service Vulnerability

Last Update Date: 15 Jan 2014 Release Date: 14 Jan 2014 3885 Views

RISK: Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A vulnerability has been identified in ISC BIND, which can be exploited by a remote user to cause denial of service (DoS) conditions.

 

A remote user can send a specially crafted query to an authoritative nameserver serving NSEC3-signed zones to cause the BIND service to crash.

 

Recursive-only servers are not affected.


Impact

  • Denial of Service

System / Technologies affected

  • ISC BIND 9.6.x to 9.6-ESV-R10-P1
  • ISC BIND 9.7 (All versions)
  • ISC BIND 9.8.0 to 9.8.6-P1
  • ISC BIND 9.9.0 to 9.9.4-P1

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix (9.6-ESV-R10-P2, 9.8.6-P2, 9.9.4-P2).

Vulnerability Identifier


Source


Related Link