Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
1 BIND 9 Security Vulnerability Matrix Featured

The BIND 9 Security Vulnerability Matrix is a tool to help DNS operators understand the current security risk for a given version of BIND. It has two parts: The first part is a table listing all of the vulnerabilities covered by this page. The first column…

2 CVE-2016-8864: A problem handling responses containing a DNAME answer can lead to an assertion failure

CVE: CVE-2016-8864 Document Version: 2.0 Posting date: 1 November 2016 Program Impacted: BIND Versions affected: 9.0.x -> 9.8.x, 9.9.0 -> 9.9.9-P3, 9.9.3-S1 -> 9.9.9-S5, 9.10.0 -> 9.10.4-P3, 9.11.0 Severity: High Exploitable: Remotely Description:…

3 CVE-2016-2848: A packet with malformed options can trigger an assertion failure in ISC BIND versions released prior to May 2013 and in packages derived from releases prior to that date.

Please read the "Versions affected" and "Solutions" sections of this advisory carefully This article discusses a vulnerability in BIND that was corrected in ISC-distributed versions in May 2013. However, some versions of BIND distributed by other parties…

4 CVE-2016-2776: Assertion Failure in buffer.c While Building Responses to a Specifically Constructed Request

CVE: CVE-2016-2776 Document Version: 2.1 Posting date: 2016-09-27 Program Impacted: BIND Versions affected: 9.0.x -> 9.8.x, 9.9.0->9.9.9-P2, 9.9.3-S1->9.9.9-S3, 9.10.0->9.10.4-P2, 9.11.0a1->9.11.0rc1 Severity: High Exploitable: Remotely Description:…

5 CVE-2016-2775: A query name which is too long can cause a segmentation fault in lwresd

Although not commonly used, the BIND package contains provisions to allow systems to resolve names using the lightweight resolver protocol, a protocol similar to (but distinct from) the normal DNS protocols. The lightweight resolver protocol can be used either…

6 CVE-2016-1285: An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c

CVE: CVE-2016-1285 Document Version: 2.0 Posting date: 09 March 2016 Program Impacted: BIND Versions affected: 9.2.0 -> 9.8.8, 9.9.0->9.9.8-P3, 9.9.3-S1->9.9.8-S5, 9.10.0->9.10.3-P3 Severity: High Exploitable: Remotely (on systems which accept…

7 CVE-2016-2088: A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure.

CVE: CVE-2016-2088 Document Version: 2.0 Posting date: 09 March 2016 Program Impacted: BIND Versions affected: 9.10.0 -> 9.10.3-P3 Severity: High Exploitable: Remotely Description: BIND 9.10 has preliminary support for DNS cookies (or source identity tokens),…

8 CVE-2016-1286: A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c

CVE: CVE-2016-1286 Document Version: 2.0 Posting date: 09 March 2016 Program Impacted: BIND Versions affected: 9.0.0 -> 9.8.8, 9.9.0 -> 9.9.8-P3, 9.9.3-S1 -> 9.9.8-S5, 9.10.0 -> 9.10.3-P3 Severity: High Exploitable: Remotely Description: An error…

9 CVE-2015-8704: Specific APL data could trigger an INSIST in apl_42.c

CVE: CVE-2015-8704 Document Version: 2.0 Posting date: 19 January 2016 Program Impacted: BIND Versions affected: 9.3.0->9.8.8, 9.9.0->9.9.8-P2, 9.9.3-S1->9.9.8-S3, 9.10.0->9.10.3-P2 Severity: High Exploitable: Remotely Description: A buffer size…

10 CVE-2015-8705: Problems converting OPT resource records and ECS options to text format can cause BIND to terminate.

CVE: CVE-2015-8705 Document Version: 2.0 Posting date: 19 January 2016 Program Impacted: BIND Versions affected: 9.10.0->9.10.3-P2 Severity: Medium Exploitable: Remotely Description: In versions of BIND 9.10, errors can occur when OPT pseudo-RR data or…