SynopsisThe remote DNS server may be affected by multiple Denial of Service (DoS) attack vectors.
DescriptionVersions of ISC BIND 9.x prior to 9.9.7-P3, 9.9.9-S3, 9.10.2-P4, and 9.10.3 are unpatched for the following vulnerabilities :
- An assertion flaw exists that is triggered when parsing malformed DNSSEC keys. With a specially crafted query to a zone containing such a key, a remote attacker can cause a validating resolver to exit.
- A flaw exists in the 'fromwire_openpgpkey()' function in 'openpgpkey_61.c' that is triggered when the length of the data is less than 1. With a specially crafted response to a query, a remote attacker can cause an assertion failure that terminates named.
SolutionUpgrade ISC BIND to version 9.10.3 or later. If version 9.10.x cannot be obtained, versions 9.10.3-rc1, 9.10.2-P4, 9.9.9-S3, 9.9.8rc1, 9.9.8-S1, 9.9.8 and 9.9.7-P3 are also patched for these vulnerabilities.