ISC Security Advisories

Reporting security issues:

If you need to report a security issue with any ISC product or service, please do so here.  For some additional guidance on the latest security advisories see these: DHCP or BIND.  This Matrix contains BIND 9 Security advisories and which versions are affected.

As of October 2010, ISC uses CVSS, a program of first.org and NIST, to determine the severity of potential security issues. Here is our CVSS scoring guideline chart.

Please see our Security Vulnerability Disclosure Policy for details on how we publish security vulnerabilities.

Ghost Domain Names: Revoked Yet Still Resolvable

Summary: 
After completing our analysis of the DNS exploit reported by Professor Haixin Duan of Tsinghua University, ISC has determined that the behavior he describes, while verifiable, is due to design issues in the DNS protocol. No immediate steps are planned to address the issue. Further information concerning the implications of the reported vulnerability can be found in the complete problem description below.
CVE: 
CVE-2012-1033
Document Version: 
2.0
Posting date: 
07 Feb 2012
Program Impacted: 
BIND
Versions affected: 
All versions of BIND 9
Severity: 
High
Exploitable: 
remotely

An Error in DDNS Processing of DHCPv6 Leases Can Cause a Crash in ISC dhcpd

Summary: 
Improper handling of Dynamic DNS information associated with DHCPv6 leases can cause a segmentation fault in ISC DHCP servers using IPv6 and Dynamic DNS, resulting in denial of service to clients.
CVE: 
CVE-2011-4868
Document Version: 
1.2
Posting date: 
12 Jan 2012
Program Impacted: 
DHCP
Versions affected: 
4.2.2, 4.2.3, 4.2.3-P1
Severity: 
High
Exploitable: 
remotely

Security Advisory - DHCP Regular Expressions Segfault

Summary: 
Segmentation fault from dhcpd while processing an evaluated regular expression
CVE: 
CVE-2011-4539
Document Version: 
1.2
Posting date: 
07 Dec 2011
Program Impacted: 
DHCP
Versions affected: 
4.0.x and higher, including all EOL versions back to 4.0, 4.1-ESV, and 4.2.x
Severity: 
Medium
Exploitable: 
remotely

BIND 9 Resolver crashes after logging an error in query.c

Summary: 
Organizations across the Internet reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))". Multiple versions were reported as being affected, including all currently supported release versions of ISC BIND 9. ISC is actively investigating the root cause and has produced patches which prevent the crash. Further information will be made available soon.
CVE: 
CVE-2011-4313
Document Version: 
2.0.1
Posting date: 
16 Nov 2011
Program Impacted: 
BIND
Versions affected: 
BIND 9.0.x -> 9.6.x, 9.4-ESV -> 9.4-ESV-R5, 9.6-ESV -> 9.6-ESV-R5, 9.7.0 -> 9.7.4, 9.8.0 -> 9.8.1, 9.9.0a1 -> 9.9.0b1
Severity: 
Serious
Exploitable: 
Remotely

ISC DHCP Server Halt

Summary: 
Two issues have been found in DHCP that could allow an attacker to cause the server to halt.
CVE: 
CVE-2011-2748
Document Version: 
1.1
Posting date: 
10 Aug 2011
Program Impacted: 
DHCP
Versions affected: 
3.1.0 through 3.1-ESV-R1 (R2 never released); 4.0 all versions (EOL); 4.1.0 through 4.1.2rc1; 4.1-ESV through 4.1-ESV-R3b1; 4.2.0 through 4.2.2rc1. All End-of-Life versions of DHCP server are likely to be affected and ISC recommends upgrading to supported versions.
Severity: 
High
Exploitable: 
Remotely

ISC BIND 9 Remote packet Denial of Service against Authoritative and Recursive Servers

Summary: 
A specially constructed packet will cause BIND 9 ("named") to exit, affecting DNS service.
CVE: 
CVE-2011-2464
Document Version: 
2.1
Posting date: 
05 Jul 2011
Program Impacted: 
BIND
Versions affected: 
9.6.3, 9.6-ESV-R4, 9.6-ESV-R4-P1, 9.6-ESV-R5b1; 9.7.0, 9.7.0-P1, 9.7.0-P2, 9.7.1, 9.7.1-P1, 9.7.1-P2, 9.7.2, 9.7.2-P1, 9.7.2-P2, 9.7.2-P3, 9.7.3, 9.7.3-P1, 9.7.3-P2, 9.7.4b1; 9.8.0, 9.8.0-P1, 9.8.0-P2, 9.8.0-P3, 9.8.1b1
Severity: 
High
Exploitable: 
Remotely

ISC BIND 9 Remote Crash with Certain RPZ Configurations

Summary: 
Two defects were discovered in ISC's BIND 9 code. These defects only affect BIND 9 servers which have recursion enabled and which use a specific feature of the software known as Response Policy Zones (RPZ) and where the RPZ zone contains a specific rule/action pattern.
CVE: 
CVE-2011-2465
Document Version: 
2.1
Posting date: 
05 Jul 2011
Program Impacted: 
BIND
Versions affected: 
9.8.0, 9.8.0-P1, 9.8.0-P2 and 9.8.1b1. Other versions of BIND 9 not listed here are not vulnerable to this problem.
Severity: 
High
Exploitable: 
Remotely

Large RRSIG RRsets and Negative Caching can crash named

Summary: 
A BIND 9 DNS server set up to be a caching resolver is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache a response. This can cause the BIND 9 DNS server (named process) to crash.
CVE: 
CVE-2011-1910
CERT: 
VU#795694
Document Version: 
1.5
Posting date: 
26 May 2011
Program Impacted: 
BIND
Versions affected: 
9.4: 9.4-ESV-R3, -R4, -R5b1; 9.5: 9.5.3b1, 9.5.3rc1 (end-of-life); 9.6: 9.6.3, 9.6-ESV-R2, -R3, -R4, -R5b1; 9.7: 9.7.1, 9.7.1-P1, -P2, 9.7.2, 9.7.2-P1, -P2, -P3, 9.7.3, 9.7.4b1; 9.8: 9.8.0, 9.8.0-P1, 9.8.1b1
Severity: 
High
Exploitable: 
remotely

RRSIG Queries Can Trigger Server Crash When Using Response Policy Zones

Summary: 
When a name server is configured with a response policy zone (RPZ), queries for type RRSIG can trigger a server crash.
CVE: 
CVE-2011-1907
Document Version: 
1.1
Posting date: 
05 May 2011
Program Impacted: 
BIND
Versions affected: 
9.8.0
Severity: 
High
Exploitable: 
remotely

DHCP: dhclient does not strip or escape shell meta-characters

Summary: 
dhclient doesn't strip or escape certain shell meta-characters in dhcpd responses, allowing a rogue server or a party with escalated privileges on the server to cause remote code execution on the client.
CVE: 
CVE-2011-0997
CERT: 
VU#107886
Document Version: 
1.1
Posting date: 
05 Apr 2011
Program Impacted: 
DHCP
Versions affected: 
3.0.x-4.2.x
Severity: 
Medium
Exploitable: 
remotely