ISC BIND Multiple Vulnerabilities
Last Update Date:
26 Jul 2012 12:02
Release Date:
26 Jul 2012
5013
Views
RISK: Medium Risk
TYPE: Servers - Network Management
Multiple vulnerabilities have been identified in ISC BIND, which can be exploited by remote user to cause denial of service.
- On systems configured for DNSSEC validation, a remote user can cause the cache of failing queries to be used before fully initialized, triggering an assertion failure.
- A remote user can generate high TCP query loads to trigger a memory leak in the processing of empty queues and adversely affect system performance.
Impact
- Denial of Service
System / Technologies affected
- Versions 9.6-ESV-R1 through 9.6-ESV-R7-P1
- Versions 9.7.1 through 9.7.6-P1
- Versions 9.8.0 through 9.8.3-P1
- Versions 9.9.0 through 9.9.1-P1
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- The vendor has issued a fix (9.9.1-P2, 9.8.3-P2, 9.7.6-P2, 9.6-ESV-R7-P2).
Vulnerability Identifier
Source
Related Link
Share with