BIND Security Advisories

A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named

Summary: 
A critical defect in BIND 9 allows an attacker to cause excessive memory consumption in named or other programs linked to libdns.
CVE: 
CVE-2013-2266
Document Version: 
1.0
Posting date: 
26 Mar 2013
Program Impacted: 
BIND
Versions affected: 
"Unix" versions of 9.7.x, 9.8.0 -> 9.8.5b1, 9.9.0 -> 9.9.3b1. (Windows versions are not affected)
Severity: 
Critical
Exploitable: 
Remotely

BIND 9 with DNS64 enabled can unexpectedly terminate when resolving domains in RPZ

Summary: 
ISC has learned of the potential for an error condition to occur in BIND 9 that can cause a nameserver to terminate with an assertion failure when processing queries if it has been configured to use both DNS64 and Response Policy Zones (RPZ). Please see the full advisory at https://kb.isc.org/article/AA-00855 for details.
CVE: 
CVE-2012-5689
Document Version: 
2.0
Posting date: 
24 Jan 2013
Program Impacted: 
BIND
Versions affected: 
9.8.0->9.8.4-P1, 9.9.0->9.9.2-P1
Severity: 
Low
Exploitable: 
remotely

BIND 9 Servers Using DNS64 Can Be Crashed By A Deliberately Crafted Query

Summary: 
A specific query can cause BIND nameservers using DNS64 to exit with a REQUIRE assertion failure. BIND nameservers that are not using DNS64 are not at risk.
CVE: 
CVE-2012-5688
Document Version: 
2.0
Posting date: 
04 Dec 2012
Program Impacted: 
BIND
Versions affected: 
9.8.0->9.8.4, 9.9.0->9.9.2
Severity: 
Critical
Exploitable: 
remotely

Specially Crafted DNS Data Can Cause a Lockup in named

Summary: 
A nameserver can be locked up if it can be induced to load a specially-crafted combination of resource records.
CVE: 
CVE-2012-5166
Document Version: 
2.0
Posting date: 
09 Oct 2012
Program Impacted: 
BIND
Versions affected: 
Pre-9.6, 9.6-ESV->9.6-ESV-R7-P3, 9.7.0->9.7.6-P3, 9.8.0->9.8.3-P3, 9.9.0->9.9.1-P3
Severity: 
Critical
Exploitable: 
remotely

A Specially Crafted Resource Record Could Cause named to Terminate

Summary: 
If a record with RDATA in excess of 65535 bytes is loaded into a nameserver, a subsequent query for that record will cause named to exit with an assertion failure.
CVE: 
CVE-2012-4244
Document Version: 
2.0
Posting date: 
12 Sep 2012
Program Impacted: 
BIND
Versions affected: 
9.0.x -> 9.9.1-P2
Severity: 
Critical
Exploitable: 
Remotely
Share this