TTCSIRT-132.061418: TT-CSIRT Advisory – Bind Security Updates
The Internet Systems Consortium (ISC) has released a security update stating that some versions of BIND could improperly permit recursive queries to unauthorized clients.
This could allow an attacker to deduce which queries a server has previously serviced by examining the results from the cache thereby potentially leaking private information about what queries have been performed as well as allowing the server to be co-opted for use in DNS reflection attacks.
| Further information on this vulnerability and how it can be mitigated can be found on the Internet Systems Consortium Website at https://kb.isc.org/article/AA-01616/0/CVE-2018-5738 |