Security Alert (A17-06-07): Multiple Vulnerabilities in ISC BIND
30 June 2017
Multiple vulnerabilities were found in the ISC BIND software. A remote attacker that can send and receive messages to an authoritative DNS server and with knowledge of a valid Transaction Signature (TSIG) key name could send specially crafted packets to read or manipulate zone contents.
BIND 9.4.0 to 9.8.8
BIND 9.9.0 to 9.9.10-P1
BIND 9.10.0 to 9.10.5-P1
BIND 9.11.0 to 9.11.1-P1
BIND 9.9.3-S1 to 9.9.10-S2
BIND 9.10.5-S1 to 9.10.5-S2
Successful exploitation could lead to data manipulation and information disclosure on an affected system.
Internet Systems Consortium (ISC) has released the following patches to solve the problems:
BIND 9.9.10-P2, 9.10.5-P2 and 9.11.1-P2
Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.