Multiple vulnerabilities were found in the ISC BIND software. A remote attacker that can send and receive messages to an authoritative DNS server and with knowledge of a valid Transaction Signature (TSIG) key name could send specially crafted packets to read or manipulate zone contents.
Successful exploitation could lead to data manipulation and information disclosure on an affected system.
Internet Systems Consortium (ISC) has released the following patches to solve the problems:
Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.