Re: bind vulnerabilities
From ISC: https://kb.isc.org/docs/aa-00913

BIND 9 Security Vulnerability Matrix - Security Advisories
kb.isc.org

From: bind-users on behalf of Elias Pereira
Sent: Saturday, May 1, 2021 3:03 PM
To: bind-users@lists.isc.org
Subject: bind vulnerabilities

According to the article below, only the:

"BIND 9.11.31, 9.16.15, and 9.17.12 all contain patches and the appropriate update should be applied"

https://www.zdnet.com/google-amp/article/isc-urges-updates-of-dns-servers-to-wipe-out-new-bind-vulnerabilities/

Is this statement correct?

--
Elias Pereira
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
bind vulnerabilities
According to the article below, only the:

"BIND 9.11.31, 9.16.15, and 9.17.12 all contain patches and the appropriate update should be applied"

https://www.zdnet.com/google-amp/article/isc-urges-updates-of-dns-servers-to-wipe-out-new-bind-vulnerabilities/

Is this statement correct?

--
Elias Pereira
CVE-2017-3142 and CVE-2017-3143 -- TSIG-related BIND vulnerabilities
Today ISC announced two significant BIND vulnerabilities (via our bind-announce list -- https://lists.isc.org/mailman/listinfo/bind-announce).

They are CVE-2017-3142 and CVE-2017-3143 and both are related to errors in our TSIG support.

These are unusual CVEs for BIND -- many of the vulnerabilities we disclose are denial-of-service vectors which affect server availability but can easily be partly or completely mitigated by running BIND with a watchdog process. Atypically, these new vulnerabilities have, respectively, a confidentiality impact (for CVE-2017-3142, which potentially permits unauthorized zone transfer) and a data integrity impact (CVE-2017-3143, which under some circumstances can permit an attacker to cause the server to accept a forged DDNS update.)

New versions of BIND have been released and are available from ISC's web site: http://www.isc.org/downloads

Details on the vulnerabilities are available via the ISC Knowledge Base: https://kb.isc.org/category/74/0/10/Software-Products/BIND9/Security-Advisories/

Please take these bugs seriously and act promptly to safeguard your servers if you rely on TSIG authentication for zone transfers or DDNS.

Michael McNally
ISC Support