[dns-operations] BIND vulnerability affecting DNSSEC-validating resolvers
Chris Thompson
cet1 at cam.ac.uk
Thu Dec 3 13:46:39 UTC 2009
On Dec 3 2009, Rickard Dahlstrand wrote:
>Hi,
>
>Just wanted to remind everybody who is running DNSSEC-validating BIND resolver
>that they will need to update to 9.4.3-P4, 9.5.2-P1 or 9.6.1-P2 as soon as they
>can.
>
>This vulnerability is real and allows a user to inject records into the cache.
>It is rated medium by ISC since it only affects DNSSEC-validating resolvers,
>but yesterday ISC upgraded this to a severe rating for users with DNSSEC
>validation turned on.
>
>More information about this can be found at https://www.isc.org/node/504
You might want to note that 9.7.0b3 has in fact been released since that
advisory was written.
--
Chris Thompson University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.
More information about the dns-operations
mailing list