Cache poisoning vulnerability in ISC BIND 9

Written by Ryan Naraine, Contributor on

The Internet Systems Consortium (ISC) has shipped a patch to cover a "severe" cache poisoning vulnerability for BIND 9 users who have DNSSEC validation turned on.

The vulnerability exists in the way BIND 9 handles recursive client queries that may cause additional records to be added to its cache.

From the ISC advisory:

While this security vulnerability is rated as "medium" risk, this is because it is not currently a risk for many BIND users. For users who have DNSSEC validation turned on, this bug is a SEVERE risk and upgrading to the newly patched code is imperative.

This problem only affects nameservers that allow recursive queries and are performing DNSSEC validation on behalf of their clients. It is unlikely to be encountered by most DNSSEC-validating nameservers because queries that might induce a nameserver to exhibit this behavior would not normally be received with CD in combination with DO. We are not aware of any (client) stub resolvers that do this; however, at least one other DNS server implementation has been observed crafting queries in this way when forwarding.

BIND 9 users should upgrade to one of the following: 9.4.3-P4, 9.5.2-P1 or 9.6.1-P2. There are no fixes available for BIND versions 9.0 through 9.3, as those releases are at end-of-life, the ISC said.
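The advisory's condition, a query received with CD in combination with DO, can be checked on captured query bytes to see whether any client or forwarder on a network sends such queries. The following is an added example, not code from ISC or from this article; the function names and the sample queries built by `build_query` are constructed for illustration.

```python
import struct

QR_FLAG = 0x8000   # header bit: message is a response
RD_FLAG = 0x0100   # header bit: Recursion Desired
CD_FLAG = 0x0010   # header bit: Checking Disabled
DO_FLAG = 0x8000   # "DNSSEC OK" bit, carried in the TTL field of the EDNS0 OPT record
TYPE_OPT = 41      # RR type of the EDNS0 OPT pseudo-record

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if (length & 0xC0) == 0xC0:   # a compression pointer ends the name
            return off + 2
        off += 1 + length

def query_flags(msg):
    """Return {'rd', 'cd', 'do'} for a DNS query, or None if not a parsable query."""
    if len(msg) < 12:
        return None
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    if flags & QR_FLAG:
        return None
    off, do = 12, False
    try:
        for _ in range(qd):                       # question: name, type, class
            off = skip_name(msg, off) + 4
        for _ in range(an + ns + ar):             # OPT lives in the additional section
            off = skip_name(msg, off)
            rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10 + rdlen
            if rtype == TYPE_OPT:
                do = bool(ttl & DO_FLAG)
    except (IndexError, struct.error):            # truncated or malformed message
        return None
    return {"rd": bool(flags & RD_FLAG), "cd": bool(flags & CD_FLAG), "do": do}

def is_cd_plus_do(msg):
    """True when a query sets both CD and DO, the combination the advisory names."""
    f = query_flags(msg)
    return bool(f and f["cd"] and f["do"])

def build_query(name, cd, do):
    """Constructed sample input: a recursive A query with an EDNS0 OPT record."""
    flags = RD_FLAG | (CD_FLAG if cd else 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    head = struct.pack("!6H", 0x1234, flags, 1, 0, 0, 1) + qname + struct.pack("!HH", 1, 1)
    return head + b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, DO_FLAG if do else 0, 0)
```

Feeding the UDP payloads of inbound port 53 traffic to `is_cd_plus_do` shows which sources, if any, send the combination to a validating recursive server that has not yet been upgraded.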

More from US-CERT.
