Security Alert (A19-02-08): Multiple Vulnerabilities in ISC BIND


 

Published on: 25 February 2019

Share on Facebook    Share on X   

Description:

Multiple vulnerabilities were found in "EDNS", "managed-keys" and "Dynamically Loadable Zones" features of the Internet Systems Consortium (ISC) BIND software. A remote attacker could send specially crafted messages, make malicious queries or trigger DNS zone transfers to exploit the vulnerabilities.

 

Affected Systems:

  • BIND 9.9.0 to 9.10.8-P1
  • BIND 9.11.0 to 9.11.5-P2
  • BIND 9.12.0 to 9.12.3-P2
  • BIND 9.9.3-S1 to 9.11.5-S3
  • BIND 9.13.0 to 9.13.6

 

Impact:

Successful exploitation could lead to a denial of service condition or information disclosure on an affected system.

 

Recommendation:

ISC has released the following patches to solve the problems:

  • BIND 9 version 9.11.5-P4
  • BIND 9 version 9.12.3-P4
  • BIND 9 version 9.11.5-S5

http://www.isc.org/downloads/

Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://kb.isc.org/docs/cve-2018-5744
https://kb.isc.org/docs/cve-2018-5745
https://kb.isc.org/docs/cve-2019-6465
https://www.hkcert.org/my_url/en/alert/19022501
https://www.us-cert.gov/ncas/current-activity/2019/02/22/ISC-Releases-Security-Updates-BIND
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5744
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6465

 



Tag: BIND , ISC
Tags