Sign In


ISC Releases Security Advisories for DHCP, BIND

The Internet Systems Consortium (ISC) has released updates or workarounds that address vulnerabilities in versions of ISC Dynamic Host Configuration Protocol (DHCP) and Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.

Affected products and versions:

BIND: 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2

DNCP : 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6, 4.4.0

CERT Bulgaria recommends users and administrators to review ISC Knowledge Base Articles AA-01562 and AA-01565 and apply the necessary updates or workarounds.

  • For BIND

Workaround: Disabling the SERVFAIL cache with 'servfail-ttl 0;' will prevent taking the code path that leads to the assertion failure

Upgrade to BIND 9 version 9.10.6-S3

  • For DHCP

Workaround: none

Upgrade to most closely related to your current version of DHCP.

DHCP 4.1-ESV-R15-P1

DHCP 4.3.6-P1

DHCP 4.4.1