
[Vulnerability notice] CVE-2016-2776: Denial of service vulnerability in BIND

Last Updated: May 07, 2018

Internet Systems Consortium (ISC) has released a security advisory announcing a vulnerability in BIND (CVE-2016-2776) and its fix.

Description

Berkeley Internet Name Daemon (BIND) is a popular DNS service application, widely used on DNS servers across the Internet.

The vulnerability exists in buffer.c. When constructing a response packet for a specially crafted query request, BIND can encounter an assertion failure, which crashes the program and results in a denial of service.

For more information, see CVE-2016-2776: Assertion Failure in buffer.c While Building Responses to a Specifically Constructed Request.

Affected versions

  • BIND 9.0.x to 9.8.x
  • BIND 9.9.0 to 9.9.9-P2
  • BIND 9.9.3-S1 to 9.9.9-S3
  • BIND 9.10.0 to 9.10.4-P2
  • BIND 9.11.0a1 to 9.11.0rc1
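
One way to check an upstream BIND version string against the ranges listed above, as an added example that is not part of the original notice or ISC's code. The function names and the ordering rules (a < b < rc < release < -P<n>, with -S builds compared only against the -S range) are assumptions of this example.

```python
import re

# Assumed ordering within one x.y.z: a < b < rc < final release < -P<n> patch levels.
STAGE = {"a": 0, "b": 1, "rc": 2, None: 3}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:(a|b|rc)(\d+))?(?:-(P|S)(\d+))?")

# Inclusive ranges copied from the affected-versions list in this notice.
# -S builds are a separate edition, so they are only compared with the -S range.
RANGES = {
    "std": [("9.9.0", "9.9.9-P2"), ("9.10.0", "9.10.4-P2"), ("9.11.0a1", "9.11.0rc1")],
    "S": [("9.9.3-S1", "9.9.9-S3")],
}

def parse(version):
    """Return (edition, sort_key) for a plain upstream version string, else None."""
    m = VERSION_RE.fullmatch(version.strip())
    if m is None:
        return None
    major, minor, patch, stage, stage_n, suffix, suffix_n = m.groups()
    edition = "S" if suffix == "S" else "std"
    key = (int(major), int(minor), int(patch),
           STAGE[stage], int(stage_n or 0), int(suffix_n or 0))
    return edition, key

def is_affected(version):
    """True/False per the listed ranges; None when the string cannot be ordered."""
    version = version.strip()
    # 9.0.x to 9.8.x: every release on those branches is listed, whatever its suffix.
    if re.match(r"9\.[0-8](\.|-|$)", version):
        return True
    parsed = parse(version)
    if parsed is None:
        return None  # e.g. a distribution-specific suffix; needs a manual check
    edition, key = parsed
    return any(parse(lo)[1] <= key <= parse(hi)[1] for lo, hi in RANGES[edition])

if __name__ == "__main__":
    # Constructed sample inputs, not taken from the notice.
    for v in ("9.8.4-P2", "9.9.9-P2", "9.9.9-P3", "9.9.9-S3", "9.11.0rc1", "9.11.0"):
        print(f"{v:12} affected={is_affected(v)}")
```

Version strings from distribution packages often carry a vendor suffix and may include a backported fix, so a `None` result or a match on such a build should be confirmed against the package changelog.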

Fix

The manufacturer has released a patch to fix this security issue. Go to the manufacturer’s website to download and install the patch.
