CERT-In Vulnerability Note
Multiple Vulnerabilities in ISC BIND
Original Issue Date: May 21, 2020
Severity Rating: HIGH
- ISC BIND versions 9.0.0 to 9.11.18
- ISC BIND versions 9.12.0 to 9.12.4-P2
- ISC BIND versions 9.13.x
- ISC BIND versions 9.14.0 to 9.14.11
- ISC BIND versions 9.15.x
- ISC BIND versions 9.16.0 to 9.16.2
- ISC BIND versions 9.17.0 to 9.17.1
- ISC BIND versions 9.9.3-S1 to 9.11.18-S1
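A version check against the ranges listed above, as an added example that is not part of the CERT-In note or of ISC's code. The function names and the sample banner strings are assumptions made for illustration.

```python
import re

# Affected ranges transcribed from the advisory's list; each bound is
# (major, minor, patch, P-level). 9.13.x and 9.15.x cover the whole branch.
INF = float("inf")
AFFECTED = [
    ((9, 0, 0, 0), (9, 11, 18, 0)),
    ((9, 12, 0, 0), (9, 12, 4, 2)),      # up to 9.12.4-P2
    ((9, 13, 0, 0), (9, 13, INF, INF)),
    ((9, 14, 0, 0), (9, 14, 11, 0)),
    ((9, 15, 0, 0), (9, 15, INF, INF)),
    ((9, 16, 0, 0), (9, 16, 2, 0)),
    ((9, 17, 0, 0), (9, 17, 1, 0)),
]
# -S releases are a separate line: bounds are (major, minor, patch, S-level).
AFFECTED_S = [((9, 9, 3, 1), (9, 11, 18, 1))]

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-([PS])(\d+))?")

def parse_bind_version(text):
    """Return ((major, minor, patch, level), is_s_edition) or None."""
    m = _VERSION.search(text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    level = int(m.group(5)) if m.group(4) else 0
    return (major, minor, patch, level), m.group(4) == "S"

def is_affected(text):
    """True/False per the advisory's ranges; None if no version is found."""
    parsed = parse_bind_version(text)
    if parsed is None:
        return None
    key, is_s = parsed
    ranges = AFFECTED_S if is_s else AFFECTED
    return any(low <= key <= high for low, high in ranges)

if __name__ == "__main__":
    # Constructed sample strings in the style of version banners.
    for banner in ["BIND 9.11.18", "BIND 9.12.4-P1", "BIND 9.16.3",
                   "BIND 9.11.19-S1", "BIND 9.15.7", "no version here"]:
        print(f"{banner!r}: affected={is_affected(banner)}")
```

Distribution packages may carry backported fixes under an older upstream version string, so treat a match as a prompt to check the vendor's advisory for that package.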
Multiple vulnerabilities have been reported in ISC BIND which could allow a remote attacker to cause denial of service conditions on a targeted system.
1. Denial of Service Vulnerability
This vulnerability exists in BIND due to a logic error in tsig.c. A remote attacker could exploit this vulnerability by sending a specially crafted message to the affected server.
Successful exploitation of this vulnerability could allow the attacker to cause denial of service conditions on the targeted system.
2. Denial of Service (Performance degradation) Vulnerability
This vulnerability exists in BIND due to insufficient limiting of the number of fetches performed when processing referrals. A remote attacker could exploit this vulnerability by using specially crafted referrals.
Successful exploitation of this vulnerability could allow the attacker to cause denial of service (performance degradation) conditions on the targeted system. The attacker may also exploit this vulnerability to use the recursing server as a reflector in a reflection attack with a high amplification factor.
Update to the latest versions as available at the following URL:
IBM X-Force Exchange
The information provided herein is on an "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003