02 November 2016
A vulnerability was found in the ISC BIND software. A remote attacker could send a specially crafted query to trigger an assertion failure which could cause the BIND to exit. Both authoritative and recursive name servers are affected.
Successful exploitation could lead to a denial of service (DoS) condition on an affected system.
Internet Systems Consortium (ISC) has released the following patches to solve the problems:
Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://kb.isc.org/article/AA-01434 https://www.us-cert.gov/ncas/current-activity/2016/11/01/ISC-Releases-Security-Updates-BIND http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864