Nixu Information for VU#725188

ISC BIND 9 vulnerable to denial of service via dynamic update request

Status

Affected

Vendor Statement

==========================
NIXU ADVISORY ON VU#725188
==========================

=====================
Nixu NameSurfer Suite
=====================
All Nixu NameSurfer versions ship with a proprietary primary DNS server is
not affected by VU#725188. Therefore, when Nixu NameSurfer is run as the
primary DNS server, no action is required to protect the master DNS server
against this threat.

Nixu NameSurfer Suite 6.5.2 ships with an optional companion BIND 9.6.1
server that can be installed on the same server running Nixu NameSurfer
Suite. If the companion BIND 9.6.1 server has been activated at install and
is used to run localhost (127.0.0.1) as a master zone, Nixu recommends
either of the following approaches:

1) the master zone on localhost BIND is disabled
2) the localhost BIND is patched to version 9.6.1-P1

Please note that a failure in the localhost BIND due to the vulnerability
outlined in VU#725188 does not pose any threat to authoritative DNS zones
for which Nixu NameSurfer Suite is the master, i.e. Nixu NameSurfer primary
DNS server will continue to serve the (remote) secondary DNS servers even if
the optional local BIND server failed.

=============================
Nixu Secure Name Server (SNS)
=============================
Nixu SNS secondary server instances hosting slave copies of master zones
managed in Nixu NameSurfer primary are not affected by VU#725188.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.