A vulnerability exists in the BIND 9 DNSSEC validation code that could be used by an attacker to generate fake NXDOMAIN responses.
BIND 9 contains a vulnerability in DNSSEC validation code. According to ISC:
This issue affects BIND versions 9.0.x, 9.1.x, 9.2.x, 9.3.x, 9.4.0 -> 9.4.3-P4, 9.5.0 -> 9.5.2-P1, 9.6.0 -> 9.6.1-P2
An attacker may be able to add fake NXDOMAIN records to a resolver's cache.
Upgrade BIND to version 9.4.3-P5, 9.5.2-P2 or 9.6.1-P3.
This issue was reported by ISC.
This document was written by David Warren.
|Date First Published:||2010-01-19|
|Date Last Updated:||2010-01-27 19:37 UTC|