Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
1 BIND 9 Security Vulnerability Matrix Featured

The BIND 9 Security Vulnerability Matrix is a tool to help DNS operators understand the current security risk for a given version of BIND. It has two parts: The first part is a table listing all of the vulnerabilities covered by this page. The first column…

2 CVE-2016-9778: An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c

CVE: CVE-2016-9778 Document Version: 2.0 Posting date: 11 Jan 2017 Program Impacted: BIND Versions affected: 9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0-9.11.0 -> P1 Severity: High (for affected configurations) Exploitable: Remotely Description:…

3 CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure

CVE: CVE-2016-9444 Document Version: 2.0 Posting date: 11 Jan 2017 Program Impacted: BIND Versions affected: 9.6-ESV-R9 -> 9.6-ESV-R11-W1, 9.8.5 -> 9.8.8, 9.9.3 -> 9.9.9-P4, 9.9.9-S1 -> 9.9.9-S6, 9.10.0 -> 9.10.4-P4, 9.11.0 -> 9.11.0-P1…

4 CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure

CVE: CVE-2016-9147 Document Version: 2.0 Posting date: 11 Jan 2017 Program Impacted: BIND Versions affected: 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, 9.11.0-P1 Severity: High Exploitable: Remotely Description: Depending on the type of query and the EDNS options in…

5 CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion

CVE: CVE-2016-9131 Document Version: 2.0 Posting date: 11 Jan 2017 Program Impacted: BIND Versions affected: 9.4.0 -> 9.6-ESV-R11-W1, 9.8.5 -> 9.8.8, 9.9.3 -> 9.9.9-P4, 9.9.9-S1 -> 9.9.9-S6, 9.10.0 -> 9.10.4-P4, 9.11.0 -> 9.11.0-P1 Severity:…

6 CVE-2016-8864: A problem handling responses containing a DNAME answer can lead to an assertion failure

CVE: CVE-2016-8864 Document Version: 2.0 Posting date: 1 November 2016 Program Impacted: BIND Versions affected: 9.0.x -> 9.8.x, 9.9.0 -> 9.9.9-P3, 9.9.3-S1 -> 9.9.9-S5, 9.10.0 -> 9.10.4-P3, 9.11.0 Severity: High Exploitable: Remotely Description:…

7 CVE-2016-2848: A packet with malformed options can trigger an assertion failure in ISC BIND versions released prior to May 2013 and in packages derived from releases prior to that date.

Please read the "Versions affected" and "Solutions" sections of this advisory carefully This article discusses a vulnerability in BIND that was corrected in ISC-distributed versions in May 2013. However, some versions of BIND distributed by other parties…

8 CVE-2016-2776: Assertion Failure in buffer.c While Building Responses to a Specifically Constructed Request

CVE: CVE-2016-2776 Document Version: 2.1 Posting date: 2016-09-27 Program Impacted: BIND Versions affected: 9.0.x -> 9.8.x, 9.9.0->9.9.9-P2, 9.9.3-S1->9.9.9-S3, 9.10.0->9.10.4-P2, 9.11.0a1->9.11.0rc1 Severity: High Exploitable: Remotely Description:…

9 CVE-2016-2775: A query name which is too long can cause a segmentation fault in lwresd

Although not commonly used, the BIND package contains provisions to allow systems to resolve names using the lightweight resolver protocol, a protocol similar to (but distinct from) the normal DNS protocols. The lightweight resolver protocol can be used either…

10 CVE-2016-1285: An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c

CVE: CVE-2016-1285 Document Version: 2.0 Posting date: 09 March 2016 Program Impacted: BIND Versions affected: 9.2.0 -> 9.8.8, 9.9.0->9.9.8-P3, 9.9.3-S1->9.9.8-S5, 9.10.0->9.10.3-P3 Severity: High Exploitable: Remotely (on systems which accept…