A vulnerability in BIND, and all it takes is just one tiny little packet…

BIND 9.x is vulnerable to a remote Denial of Service, where a tiny magic packet can cause named to exit with a REQUIRE assertion failure. All the attacker needs to send is a specially, and deliberately, constructed packet that exploits an error in the handling of queries for TKEY records. The vulnerability will crash and take down the BIND named daemon…

All versions of BIND 9 from BIND 9.1.0 (inclusive) through BIND 9.9.7-P1 and BIND 9.10.2-P2 are vulnerable. Administrators should upgrade to a patched version as soon as possible. Patched versions can be downloaded from https://www.isc.org/downloads/.
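To triage a fleet against the range above, the following added example (not part of the original article and not ISC code) classifies a BIND version string as inside or outside the affected range. The function names are hypothetical, the sample `named -v` line in the comment is constructed, and the "BIND <version>" output format is an assumption.

```shell
#!/bin/sh
# Classify a BIND version against the affected range stated in the article:
# 9.1.0 through 9.9.7-P1, and the 9.10 branch through 9.10.2-P2.
# Return codes: 0 = in affected range, 1 = outside it, 2 = cannot tell.

# Pull the version token out of a `named -v` line, assumed to look like
# "BIND 9.9.7-P1 (Extended Support Version)" (constructed sample).
extract_bind_version() {
    printf '%s\n' "$1" | sed -n 's/^BIND \([^ ]*\).*/\1/p'
}

bind_tkey_affected() {
    v=$1
    # Accept only plain release strings: X.Y.Z or X.Y.Z-Pn. Betas, release
    # candidates and distro builds (e.g. "9.9.5-3ubuntu0.4") are reported
    # as "cannot tell" instead of being guessed at.
    printf '%s\n' "$v" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(-P[0-9]+)?$' || return 2

    base=${v%%-P*}
    case $v in *-P*) plevel=${v##*-P} ;; *) plevel=0 ;; esac
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    [ "$major" -eq 9 ] || return 1      # the article covers BIND 9 only
    [ "$minor" -ge 1 ] || return 1      # older than 9.1.0
    [ "$minor" -le 10 ] || return 1     # newer branch than any listed
    [ "$minor" -ge 9 ] || return 0      # 9.1.x to 9.8.x: whole branch affected

    # Last affected release on the two remaining branches, per the article.
    if [ "$minor" -eq 10 ]; then
        last_patch=2; last_p=2          # 9.10.2-P2
    else
        last_patch=7; last_p=1          # 9.9.7-P1
    fi

    [ "$patch" -lt "$last_patch" ] && return 0
    [ "$patch" -gt "$last_patch" ] && return 1
    [ "$plevel" -le "$last_p" ] && return 0
    return 1
}

# Typical use on a name server:
#   bind_tkey_affected "$(extract_bind_version "$(named -v)")"; echo $?
```

Distribution packages often backport fixes without changing the upstream version number, so a result of 2 means the vendor's own advisory for that package has to be checked.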

BIND 9.x vulnerability details CVE-2015-5477

The BIND 9.x vulnerability details are described in CVE-2015-5477, which you can read on the National Vulnerability Database (NVD by NIST) and Common Vulnerabilities and Exposures (CVE) websites. ISC released its own advisory, AA-01272.
