Recent security news
ISC Response to Recent DNS Transaction ID Issues
Security Advisory against ISC BIND 9.4.0 and later releases - Upgrade Now!
BIND4/BIND8 Unsuitable for Forwarder Use
If a nameserver -- any nameserver, whether BIND or otherwise -- is configured to use ``forwarders'', then none of the the target forwarders can be running BIND4 or BIND8. Upgrade all nameservers used as ``forwarders'' to BIND9 . There is a wide scale Kashpureff-style DNS cache corruption attack that depends on BIND4 and BIND8 as the targets of DNS forwarders.
See the BIND Security Matrix for a complete index of the vulnerability of BIND versions to all known security alerts.
Alerts
- CERT Advisory VU#927905 on BIND 8.x UPGRADE: A sequence of queries can cause a recursive nameserver to exit.
- UPGRADE: dereferencing freed fetch context can caused named to exit unintentionally.
- DNSSEC Validation vulnerability.
- Vulnerabilities around SIG Query processing and INSIST Failures
- (5 Sept 2006) NISCC 172003 (5 Sept 2006) CERT Vulnerability Notes VU#915404 and VU#697164
- NISCC-UNIRAS 20050125-00059 CERT Vulnerability Note VU#327633
- NISCC-UNIRAS 20050125-00060 CERT Vulnerability Note VU#938617
- NISCC-UNIRAS 20041130-00862 BIND versions 4, 8 and 9 are not vulnerable to this attack
- BIND buffer overflow in inet_network()
- CERT Advisory CA-2001-02 - 01/29/2001
- CERT Advisory CA-2002-19 - 06/28/2002
- CERT Advisory - CA-98.05 - 04/08/1998, revised 11/16/1998
- CERT Advisory CA-99-14 - 11/10/1999
Bug reports
Before submitting a bug report please ensure you are running a current version.
Bug reports for BIND should be sent to <bind9-bugs@isc.org>
