ISC BIND Denial of Service Vulnerability
Last Update Date:
15 Jan 2014
Release Date:
14 Jan 2014
3885
Views
RISK: Medium Risk
TYPE: Servers - Other Servers
A vulnerability has been identified in ISC BIND, which can be exploited by a remote user to cause denial of service (DoS) conditions.
A remote user can send a specially crafted query to an authoritative nameserver serving NSEC3-signed zones to cause the BIND service to crash.
Recursive-only servers are not affected.
Impact
- Denial of Service
System / Technologies affected
- ISC BIND 9.6.x to 9.6-ESV-R10-P1
- ISC BIND 9.7 (All versions)
- ISC BIND 9.8.0 to 9.8.6-P1
- ISC BIND 9.9.0 to 9.9.4-P1
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- The vendor has issued a fix (9.6-ESV-R10-P2, 9.8.6-P2, 9.9.4-P2).
Vulnerability Identifier
Source
Related Link
Share with