
ISC BIND 9.x < 9.9.7-P3 / 9.9.8 / 9.9.8-S1 / 9.9.8rc1 / 9.9.9-S3 / 9.10.2-P4 / 9.10.3 / 9.10.3rc1 Multiple DoS

High

Synopsis

The remote DNS server may be affected by multiple Denial of Service (DoS) attack vectors.

Description

Versions of ISC BIND 9.x prior to 9.9.7-P3, 9.9.9-S3, 9.10.2-P4, and 9.10.3 are unpatched for the following vulnerabilities:

- An assertion flaw exists that is triggered when parsing malformed DNSSEC keys. With a specially crafted query to a zone containing such a key, a remote attacker can cause a validating resolver to exit. (OSVDB 126995)
- A flaw exists in the 'fromwire_openpgpkey()' function in 'openpgpkey_61.c' that is triggered when the length of the data is less than 1. With a specially crafted response to a query, a remote attacker can cause an assertion failure that terminates named. (OSVDB 126997)

Solution

Upgrade ISC BIND to version 9.10.3 or later. If version 9.10.x cannot be obtained, versions 9.10.3-rc1, 9.10.2-P4, 9.9.9-S3, 9.9.8rc1, 9.9.8-S1, 9.9.8 and 9.9.7-P3 are also patched for these vulnerabilities.
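To triage an inventory against the fixed releases listed above, the following added example (not part of the original advisory or of ISC's tooling) classifies a bare BIND version string. The function name `classify`, the three result labels, and the rules that branches after 9.10 are fixed and that vendor-suffixed or unlisted -S builds need manual review are assumptions of this example.

```python
import re

# Fixed releases exactly as the advisory spells them (title and Solution).
PATCHED = {"9.9.7-P3", "9.9.8rc1", "9.9.8", "9.9.8-S1", "9.9.9-S3",
           "9.10.2-P4", "9.10.3rc1", "9.10.3-rc1", "9.10.3"}
# Lowest fixed (patch release, -P level) per branch, derived from that list.
BRANCH_FLOOR = {(9, 9): (7, 3), (9, 10): (2, 4)}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-?(P|S|rc|b|a)(\d+))?", re.I)


def classify(version):
    """Return 'patched', 'affected' or 'review' for a bare BIND version string."""
    v = version.strip()
    if v in PATCHED:
        return "patched"
    m = VERSION_RE.fullmatch(v)
    if m is None:
        return "review"      # vendor suffix (distro backport) or unparseable
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    tag, level = (m.group(4) or "").upper(), int(m.group(5) or 0)
    if major != 9 or tag == "S":
        return "review"      # outside 9.x, or -S build not named on the page
    if (major, minor) > (9, 10):
        return "patched"     # assumption: branches after 9.10 carry the fixes
    floor = BRANCH_FLOOR.get((major, minor))
    if floor is None:
        return "affected"    # 9.0 to 9.8: the page lists no fixed release
    floor_patch, floor_level = floor
    if patch < floor_patch:
        return "affected"
    if patch > floor_patch:
        # final and -P releases are newer than the floor; other pre-releases
        # (beta, unlisted rc) are not named on the page
        return "patched" if tag in ("", "P") else "review"
    # same patch release as the floor: only a high enough -P level is fixed
    return "patched" if tag == "P" and level >= floor_level else "affected"
```

A "review" result means the string alone cannot settle the question, which is typical for distribution packages that backport fixes without changing the upstream version number.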