TTCSIRT-121.052118: TT-CSIRT Advisory – BIND Security Updates
The Internet Systems Consortium (ISC) has released a security update stating that A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging.
Deliberate exploitation of this condition could cause attackers to carry out a denial of service attack.
Further information on this vulnerability and how it can be mitigated can be found at https://kb.isc.org/article/AA-01606/0 |