BIND 8 Security Vulnerability Matrix

AA-00959

This table summarizes the vulnerability to the bugs mentioned for all released versions of BIND 8 as of 2008. BIND 8 may be vulnerable to any or all of the BIND CVEs released since.

BIND 8 is in "End of Life" status, which means that we recommend that you not use it. As you can see from the table below, BIND 8 is vulnerable to modern attacks. Please use a newer version.

The numbers listed in the first row are the CVE (Common Vulnerabilities and Exposures) references, hyperlinked to the appropriate pages on the CVE website. They are also listed in a separate table below, each with a short description.

ver/CVE 0 1 2 3 4 5 6 7 8 10 14 X 15 16 17 18 27 28 29
8.4.7-P1                                 
8.4.7                               
8.4.6                               
8.4.5                           
8.4.4                           
8.4.3                               
8.4.2                           
8.4.1                           
8.4.0                           
8.3.7                               
8.3.6                             
8.3.5                             
8.3.4                             
8.3.3                       +
 
8.3.2                     +
 
8.3.1                     +
 
8.3.0                     +
 
8.2.7                             
8.2.6                       +
 
8.2.5                     +
 
8.2.4                     +
 
8.2.3                     +
 
8.2.2         +
 
8.2.1   +
 
8.2.0   +
 

Legend:

# CVE number short description
0 1999-0833 Buffer overflow via NXT records.
1 1999-0835 Denial of service via malformed SIG records.
2 1999-0837 Denial of service by improperly closing TCP sessions via so_linger.
3 1999-0848 Denial of service in named via consuming more than "fdmax" file descriptors.
4 1999-0849 Denial of service via maxdname.
5 1999-0851 Denial of service via naptr.
6 2000-0887 Denial of service by compressed zone transfer (ZXFR) request.
7 2000-0888 Denial of service via SRV record.
8 2001-0010 Buffer overflow in TSIG code allows root privileges.
10 2001-0012 Ability to access sensitive information such as environment variables.
14 2002-0651 Buffer overflow in resolver code may cause a DoS and arbitrary code execution.
X 2002-1219 Buffer overflow responses with SIG RR
15 2002-1220 Denial of service via request for nonexistent subdomain using large OPT RR.
16 2002-1221 Denial of service via SIG RR elements with invalid expiry times.
17 2003-0914 Cache poisoning via negative responses with a large TTL value.
18 2005-0033 Buffer overflow in recursion and glue code allows denial of service.
27 2007-2930 Cryptographically weak query IDs (BIND 8).
28 2008-0122 inet_network() off-by-one buffer overflow.
29 2008-1447 DNS cache poisoning issue.