Security Vulnerabilities

If you suspect you have found a security defect in BIND or DHCP, or if you wish to inquire about a security issue that you have learned about which has not yet been publicly announced, ISC encourages you to get in touch with our Security Officer by selecting the appropriate pull-down on the Bug Report Form.

Alternatively, you can email us at security-officer@isc.org.  However, plain-text e-mail is not a secure choice for communications concerning undisclosed security issues so we ask that you please encrypt your communications to us using the ISC Security Officer public key.

Learn more about Security Vulnerability Disclosure Policy at https://kb.isc.org/article/AA-00861/0


Reporting a Bug

  • You may report BIND or DHCP bugs, or request features by using the Bug Report Form.

You may also use email, if you prefer:

  • To report a bug in BIND, other than a security issue, please contact us via bind9-bugs@isc.org
  • To report a bug in ISC DHCP, other than a security issue, please contact us via  dhcp-bugs@isc.org

For listing of security vulnerabilities about BIND 9, visit ISC’s Knowledge Base’s BIND 9 Vulnerabilities Matrix.

As of Oct, 2010 ISC is now using the CVSS, a program of first.org and NIST, to determine the severity of potential security issues.

To subscribe to our Security Vulnerability RSS feed, please subscribe to updates from our knowledgebase at kb.isc.org ISC Security Vulnerability RSS Feed

BIND

Earlier
Summary:KSK-2010, the DNSSEC Key Signing Key that has served as the trust anchor for the root DNS zone (.) since it was introduced in 2010, is scheduled to be retired soon. A new key, KSK-2017, has been introduced and operators of validating resolvers should check their servers to ensure… [...]
Thu, Sep 28, 2017
Source: BIND Operational Notifications
An attacker may be able to circumvent TSIG authentication of AXFR and NOTIFY requests. [...]
Thu, Jun 29, 2017
Source: BIND Security Advisory
An attacker may be able to forge a valid TSIG or signature for a dynamic update. [...]
Thu, Jun 29, 2017
Source: BIND Security Advisory
BIND 9.11.0 and 9.11.1 carries a number of integration problems with LMDB (liblmdb) that will be addressed in BIND 9.11.2. [...]
Wed, Jun 14, 2017
Source: BIND Operational Notifications
Summary: DNS protocols were designed with the assumption that a certain amount of trust could be presumed between the operators of primary and secondary servers for a given zone. &nbs [...]
Thu, Jul 07, 2016
Source: BIND Operational Notifications
Summary: Numerous defects have been found in the BIND 9.10 implementation of Response Policy Zones (RPZ) which can lead to a crash of the named process. [...]
Wed, Jun 10, 2015
Source: BIND Operational Notifications
A minor bugfix added to BIND 9.9.6, 9.8.8 and 9.10.0 introduced a regression that makes the nsupdate(8) utility fail to resolve (and thus fail to send updates to) the SOA MNAME host in some cases. (The MNAME or master name is the first text value in a zone's SOA [...]
Fri, Dec 05, 2014
Source: BIND Operational Notifications

[Complete List]

ISC DHCP

Earlier
CVE: [...]
Tue, Jan 12, 2016
Source: DHCP Security Advisory
A memory exhaustion bug has been discovered in libdns, which is used by ISC DHCP 4.2. Theoretically this could be exploited to cause memory exhaustion in ISC DHCP 4.2. [...]
Mon, Mar 18, 2013
Source: DHCP Security Advisory
Title: Memory Leaks Found In ISC DHCP [...]
Mon, Jul 23, 2012
Source: DHCP Security Advisory

[Complete List]

Kea

Earlier
ISC Kea may terminate unexpectedly (crash) while handling a malformed client packet. [...]
Mon, Nov 30, 2015
Source: Kea CVEs

Last modified: November 3, 2016 at 2:19 pm