SynopsisThe remote DNS server may be affected by multiple vulnerabilities.
DescriptionVersions of ISC BIND earlier than 9.10.1-P1 are unpatched for the following vulnerabilities:
- Denial of service vulnerability that can be triggered when handling a maliciously constructed query or zone request, causing the service to issue unlimited queries in an attempt to follow a delegation (CVE-2014-8500)
- Denial of service vulnerability in the pre-fetch feature that is triggered when the response to a specially crafted DNS query contains particular attributes. (CVE-2014-3214)
- Denial of service vulnerability in EDNS option processing (CVE-2014-3859)
- Denial of service in three unspecified flaws in the GeoIP feature (CVE-2014-8680)
SolutionUpdates have been released by the vendor. BIND 9.10.1-P1 fixes this vulnerability. Apply the vendor update, or update to a later version.