|CERT-In Vulnerability Note
Denial of Service Vulnerability in ISC BIND
Original Issue Date:March 06, 2018
Severity Rating: HIGH
- ISC BIND version 9.10.6-S1 through 9.10.6-S2
- ISC BIND versions 9.10.5-S1 through 9.10.5-S4
A vulnerability has been reported in ISC BIND which could be exploited by a remote attacker to cause a denial of service (DoS) condition on the targeted system.
This vulnerability exists in ISC BIND due to improper handling of malformed packets by the affected software when a SERVFAIL rcode is selected erroneously instead of a FORMERR rcode. A remote attacker could exploit this vulnerability by sending a malformed packet to a targeted system when the SERVFAIL cache feature is enabled leading to an assertion failure in badcache.c
Successful exploitation of this vulnerability could lead to a denial of service condition on the targeted system.
Apply appropriate updates as mentioned by vendor:
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003