Security Alert (A17-06-07): Multiple Vulnerabilities in ISC BIND


 

Published on: 30 June 2017

Share on Facebook    Share on X   

Description:

Multiple vulnerabilities were found in the ISC BIND software. A remote attacker that can send and receive messages to an authoritative DNS server and with knowledge of a valid Transaction Signature (TSIG) key name could send specially crafted packets to read or manipulate zone contents.

 

Affected Systems:

  • BIND 9.4.0 to 9.8.8
  • BIND 9.9.0 to 9.9.10-P1
  • BIND 9.10.0 to 9.10.5-P1
  • BIND 9.11.0 to 9.11.1-P1
  • BIND 9.9.3-S1 to 9.9.10-S2
  • BIND 9.10.5-S1 to 9.10.5-S2

 

 

Impact:

Successful exploitation could lead to data manipulation and information disclosure on an affected system. 

 

Recommendation:

Internet Systems Consortium (ISC) has released the following patches to solve the problems:

  • BIND 9.9.10-P2, 9.10.5-P2 and 9.11.1-P2
  • BIND 9.9.10-S3
  • BIND 9.10.5-S3

http://www.isc.org/downloads/

Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://kb.isc.org/article/AA-01503
https://kb.isc.org/article/AA-01504
https://www.hkcert.org/my_url/en/alert/17063002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143 



Tag: BIND , ISC
Tags