Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

ISC BIND 9.0.x < 9.9.6-P1 'named' Delegation Handling DoS

High

Synopsis

The remote DNS server may be affected by a remote denial of service vulnerability.

Description

Versions of ISC BIND earlier than 9.9.6-P1 are unpatched for a denial of service vulnerability that can be triggered when handling a maliciously constructed request. A maliciously constructed query or zone request can cause the service to issue unlimited queries in an attempt to follow a delegation, leading to a denial of service condition that terminates the 'named' service.

Solution

Updates have been released by the vendor. BIND 9.9.6-P1 fixes this vulnerability, as does BIND 9.10.1-P1. Apply the vendor update, or update to a later version.