SynopsisThe remote DNS server may be affected by multiple Denial of Service (DoS) attack vectors.
DescriptionVersions of ISC BIND 9.x prior to 9.9.8-P4, 9.9.8-S6, 9.9.9-S3 and 9.10.3-P4 are unpatched for the following vulnerabilities :
- A flaw exists in 'sexpr.c' and 'alist.c' that is triggered when handling specially crafted control channel packets, as controlled by the the 'rndc' server control utility. This may allow a remote attacker to cause a server to stop responding.
- A flaw exists in 'resolver.c' and 'db.c' that is triggered when handling specially crafted DNAME resource record signatures. This may allow a remote attacker to cause a denial of service.
SolutionUpgrade ISC BIND to version 9.10.3-P4 or later. If version 9.10.x cannot be obtained, versions 9.9.9-S3, 9.9.8-S6 and 9.9.8-P4 are also patched for these vulnerabilities.