ISC BIND Multiple Vulnerabilities

Last Update Date: 26 Jul 2012 12:02 Release Date: 26 Jul 2012 4337 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Network Management

TYPE: Network Management

Multiple vulnerabilities have been identified in ISC BIND, which can be exploited by remote user to cause denial of service.

  1. On systems configured for DNSSEC validation, a remote user can cause the cache of failing queries to be used before fully initialized, triggering an assertion failure.
  2. A remote user can generate high TCP query loads to trigger a memory leak in the processing of empty queues and adversely affect system performance.

Impact

  • Denial of Service

System / Technologies affected

  • Versions 9.6-ESV-R1 through 9.6-ESV-R7-P1
  • Versions 9.7.1 through 9.7.6-P1
  • Versions 9.8.0 through 9.8.3-P1
  • Versions 9.9.0 through 9.9.1-P1

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix (9.9.1-P2, 9.8.3-P2, 9.7.6-P2, 9.6-ESV-R7-P2).

Vulnerability Identifier

Source

Related Link

Share with

Previous

Invensys Wonderware Products Insecure Library Loading Vulnerability

25 Jul 2012 4407 Views

Next

ISC DHCP Multiple Vulnerabilities

26 Jul 2012 4294 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY