ISC BIND Multiple Denial of Service Vulnerabilities
Last Update Date:
6 Jul 2011 11:22
Release Date:
6 Jul 2011
6341
Views
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities have been identified in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling UPDATE requests and can be exploited to terminate the named process by sending specially crafted UPDATE requests.
- Errors within the "Response Policy Zones" (RPZ) feature when processing DNAME and CNAME records can be exploited to terminate the named process.
Successful exploitation requires that recursion is enabled and the server is configured to use RPZ. - A vulnerability is caused due to an error when handling UPDATE requests.
Impact
- Denial of Service
System / Technologies affected
- ISC BIND 9.6.x
- ISC BIND 9.7.x
- ISC BIND 9.8.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to versions 9.6-ESV-R4-P3, 9.7.3-P3, 9.8.0-P4.
http://www.isc.org/software/bind
Vulnerability Identifier
Source
Related Link
Share with