ISC released BIND security update concerning race condition flaw


ISC announced a race condition vulnerability, triggered when BIND discards malformed packets, that can cause it to exit with an assertion failure.

As a result of the flaw, "an attacker who can cause a resolver to perform queries [that] will be answered by a server [that] responds with deliberately malformed answers can cause named to exit, denying service to clients," according to a June 19 security notice.

The vulnerability is remotely exploitable and has a CVSS score of 5.9 with a "Medium" severity rating. It is fixed by upgrading to the patched release most closely related to the user’s current version of BIND.

Researchers recommend that users update their systems to the patched release most closely related to their current version of BIND, which may include BIND 9.11.8, BIND 9.12.4-P2, BIND 9.14.3 or BIND 9.15.1.
