Security Alert (A16-11-01): Vulnerability in ISC BIND


 

Published on: 02 November 2016

Description:

A vulnerability was found in the ISC BIND software. A remote attacker could send a specially crafted query to trigger an assertion failure which could cause the BIND to exit.

Both authoritative and recursive name servers are affected.


Affected Systems:

  • BIND 9.0.x to 9.8.x
  • BIND 9.9.0 to 9.9.9-P3
  • BIND 9.9.3-S1 to 9.9.9-S5
  • BIND 9.10.0 to 9.10.4-P3
  • BIND 9.11.0

Impact:

Successful exploitation could lead to a denial of service (DoS) condition on an affected system.


Recommendation:

Internet Systems Consortium (ISC) has released the following patches to solve the problems:

  • BIND 9.9.9-P4, 9.10.4-P4 and 9.11.0-P1
  • BIND 9.9.9-S6
    http://www.isc.org/downloads/

Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.


More Information:

https://kb.isc.org/article/AA-01434
https://www.us-cert.gov/ncas/current-activity/2016/11/01/ISC-Releases-Security-Updates-BIND
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864



Tag: BIND , ISC
Tags