On June 29, 2017, a security bypass vulnerability caused by improper design was detected in ISC BIND. By exploiting this vulnerability, attackers can send messages to and receive messages from an authoritative DNS server, dynamically update the target services without permission, and launch attacks such as virus injection. The vulnerability poses a serious security risk to services.
See the following for more information about the vulnerability.
BIND security bypass vulnerability
Attackers can send messages to and receive messages from an authoritative DNS server, dynamically update the target services without permission, and inject viruses into the target server, causing a serious security risk.
Condition and method of exploitation
BIND 9.11: 9.11.0->9.11.1-P1
Run the named -V command to check whether an affected version of BIND is in use.
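The version check above can be scripted. The following is an added example, not part of the original advisory: it parses the first line of named -V output and tests it against the 9.11.0 to 9.11.1-P1 range listed here. The function names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a BIND version against the range listed in this
# advisory (9.11.0 through 9.11.1-P1). No other branch is evaluated.

# Extract "X.Y.Z" or "X.Y.Z-Pn" from the first line of `named -V` output,
# e.g. "BIND 9.11.1-P1 <id:...>". Distro or pre-release suffixes are dropped.
extract_version() {
    printf '%s\n' "$1" |
        sed -n '1s/^BIND \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\(-P[0-9][0-9]*\)\{0,1\}\).*/\1/p'
}

# Turn "9.11.1-P1" into a sortable integer: major, minor, patch and P-level,
# three digits each after the major (9.11.1-P1 -> 9011001001).
version_key() {
    v=$1
    case $v in
        *-P*) p=${v##*-P}; v=${v%%-P*} ;;
        *)    p=0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $v            # split X.Y.Z into $1 $2 $3
    IFS=$old_ifs
    echo $(( $1 * 1000000000 + $2 * 1000000 + $3 * 1000 + $p ))
}

# Print "affected-range", "outside-range" or "unknown" for one banner.
check_bind() {
    ver=$(extract_version "$1")
    [ -n "$ver" ] || { echo unknown; return 0; }
    key=$(version_key "$ver")
    if [ "$key" -ge "$(version_key 9.11.0)" ] &&
       [ "$key" -le "$(version_key 9.11.1-P1)" ]; then
        echo affected-range
    else
        echo outside-range
    fi
}

# Constructed sample banners. On a real host: check_bind "$(named -V)"
for banner in "BIND 9.11.1-P1 <id:constructed>" \
              "BIND 9.11.1-P2 <id:constructed>" \
              "BIND 9.11.0-P5-RedHat-9.11.0-P5 <id:constructed>"; do
    printf '%s -> %s\n' "$banner" "$(check_bind "$banner")"
done
```

Distribution packages, such as those for Red Hat Enterprise Linux/CentOS, often backport fixes without changing the upstream version string, so treat an in-range result there as a prompt to check the vendor's package changelog.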
How to fix or mitigate
The latest software version has been released on the official website. We recommend that you upgrade the software to the latest version.
Enable ACLs on BIND so that access is allowed only from trusted servers or users.
Red Hat Enterprise Linux/CentOS