Skip to main content

ISC BIND Multiple Vulnerabilities

Last Update Date: 26 Jul 2012 12:02 Release Date: 26 Jul 2012 5013 Views

RISK: Medium Risk

TYPE: Servers - Network Management

TYPE: Network Management

Multiple vulnerabilities have been identified in ISC BIND, which can be exploited by remote user to cause denial of service.

  1. On systems configured for DNSSEC validation, a remote user can cause the cache of failing queries to be used before fully initialized, triggering an assertion failure.
  2. A remote user can generate high TCP query loads to trigger a memory leak in the processing of empty queues and adversely affect system performance.

Impact

  • Denial of Service

System / Technologies affected

  • Versions 9.6-ESV-R1 through 9.6-ESV-R7-P1
  • Versions 9.7.1 through 9.7.6-P1
  • Versions 9.8.0 through 9.8.3-P1
  • Versions 9.9.0 through 9.9.1-P1

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix (9.9.1-P2, 9.8.3-P2, 9.7.6-P2, 9.6-ESV-R7-P2).

Vulnerability Identifier


Source


Related Link