BIND Vulnerabilities

ISC has discovered or has been notified of several bugs which can result in vulnerabilities of varying levels of severity in BIND as distributed by ISC. Upgrading to the latest BIND version is strongly recommended.


Name: "BIND: Self Check Failing
[Added 2005.25.01]
Versions affected: 	    	BIND 9.3.0
Severity: 	    	LOW
Exploitable: 	    	Remotely
Type: 	    	Denial of Service
Description:

An incorrect assumption in the validator (authvalidated) can result in a REQUIRE (internal consistancy) test failing and named exiting.

Workarounds:

Turn off dnssec validation (off by default) at the options/view level.

   dnssec-enable no; 

Active Exploits:

None known


Fix:

Upgrade to BIND 9.3.1
http://www.isc.org/sw/bind/


Name: "BIND:
[Added 2005.25.01]
Versions affected: 	    	BIND 8.4.4 and 8.4.5 *only*
Severity: 	    	LOW
Exploitable: 	    	Remotely
Type: 	    	Denial of Service
Description:

It is possible to overrun the q_usedns array which is used to track nameservers / addresses that have been queried.

Workarounds:

Disable recursion and glue fetching.

Active Exploits:

None known


Fix:

Upgrade to BIND 8.4.6
http://www.isc.org/sw/bind/