
Patches for DNS Software BIND Vulnerabilities


This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.

Summary

BIND is the most widely used Domain Name System (DNS) software on the internet.

Threat details

The Internet Systems Consortium (ISC) has issued updates for BIND which fix four high-severity, remotely exploitable Denial of Service (DoS) vulnerabilities.

CVE-2016-9778 is an error in handling specific queries. These can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service.

CVE-2016-9131 allows a malformed query response to crash a BIND recursive server. The combination of properties that triggers the issue should not exist in normal traffic.

CVE-2016-9147 can cause an assertion failure if query responses contain inconsistent DNSSEC information, which BIND mishandles.

CVE-2016-9444 could allow an attacker to crash a target's system by sending a malformed answer containing a delegation signer record.

The risk in CVE-2016-9444, CVE-2016-9147 and CVE-2016-9131 largely lies with recursive servers, whereas CVE-2016-9778 only affects certain configurations. There are no known active exploits at the time of publication.


Remediation advice

Organisations should update the BIND software at the earliest opportunity to the following versions:

  • Version 9.9.9-P5
  • Version 9.10.4-P5
  • Version 9.11.0-P2
  • Version 9.9.9-S7.
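
As an added example (not part of the original alert and not ISC tooling), this Python check compares a version string, such as the one printed by `named -v`, with the fixed releases listed above. The function name, status labels and sample strings are constructed for illustration, and the check assumes that a higher release number on the same branch is newer; vendor-packaged builds that carry their own version suffix are reported as `unknown`, because a backported fix cannot be read from the string.

```python
import re

# Fixed releases from the alert, keyed by (branch, line).
# Line "P" is the standard -P patch series, "S" is the -S series (9.9.9-S7).
# Values are (release number, patch level) within that branch.
FIXED = {
    ("9.9", "P"): (9, 5),    # 9.9.9-P5
    ("9.10", "P"): (4, 5),   # 9.10.4-P5
    ("9.11", "P"): (0, 2),   # 9.11.0-P2
    ("9.9", "S"): (9, 7),    # 9.9.9-S7
}

# Matches x.y.z with an optional -Pn or -Sn suffix. The lookarounds reject
# pre-releases (9.11.0rc1) and vendor strings (9.9.4-RedHat-...), which
# cannot be ordered against the alert's list with confidence.
VERSION_RE = re.compile(
    r"(?<![\w.-])(\d+)\.(\d+)\.(\d+)(?:-([PS])(\d+))?(?![\w-]|\.\d)"
)


def check_bind_version(version_text):
    """Return 'at-or-above', 'below' or 'unknown' for a BIND version string."""
    m = VERSION_RE.search(version_text)
    if not m:
        return "unknown"
    branch = f"{int(m[1])}.{int(m[2])}"
    release = int(m[3])
    line = m[4] or "P"          # a bare x.y.z counts as patch level 0
    level = int(m[5] or 0)
    fixed = FIXED.get((branch, line))
    if fixed is None:
        return "unknown"        # branch is not listed in the alert
    # Assumption: ordering within a branch is (release, patch level).
    return "at-or-above" if (release, level) >= fixed else "below"


if __name__ == "__main__":
    # Constructed sample strings in the style of `named -v` output.
    for sample in ("BIND 9.10.4-P4 <id:constructed>", "BIND 9.9.9-S7",
                   "BIND 9.11.0rc1", "BIND 9.9.4-RedHat-9.9.4-61.el7"):
        print(f"{sample!r}: {check_bind_version(sample)}")
```

A result of `below` means the server should be updated to the listed release for its branch; `unknown` means the package vendor's own advisory has to be consulted.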


Last edited: 17 February 2020 11:37 am