SynopsisThe remote name server is affected by multiple vulnerabilities.
DescriptionAccording to its self-reported version number, the instance of ISC BIND running on the remote name server is 9.x.x prior to 9.9.10-P1, 9.10.x prior to 9.10.5-P1, or 9.11.x prior to 9.11.1-P1. It is, therefore, affected by multiple vulnerabilities :
- A denial of service vulnerability exists when processing Response Policy Zone (RPZ) rule types. An unauthenticated, remote attacker can exploit this, via a specially crafted query, to cause an infinite loop condition that degrades the server's functionality.
- A privilege escalation vulnerability exists in the BIND installer for Windows due to using an unquoted service path. A local attacker can exploit this to gain elevated privileges provided that the host file system permissions allow this. Note that non-Windows builds and installations are not affected. (CVE-2017-3141)
SolutionUpgrade to ISC BIND version 9.9.10-P1 / 9.9.10-S2 / 9.10.5-P1 / 9.10.5-S2 / 9.11.1-P1 or later. Note that BIND 9 versions 9.9.10-S2 and 9.10.5-S2 are available exclusively for eligible ISC Support customers.