ISC BIND EDNS Option Processing Denial of Service vulnerability


Severity Rating: HIGH

Systems Affected
• ISC BIND 9.10.0
• ISC BIND 9.10.0-P1

Overview
A vulnerability has been reported in ISC BIND EDNS option processing, which could be exploited by a remote attacker to cause denial of service (DoS) conditions.

Description
The vulnerability is caused by an error in the EDNS option processing of BIND's "libdns". A remote attacker could exploit it by sending a specially crafted DNS query, causing denial of service (DoS) conditions.

Both authoritative and recursive servers are vulnerable to this issue. It is not possible to prevent this vulnerability using access control lists (ACLs).

Solution
Update to version 9.10.0-P2
http://www.isc.org/downloads

Vendor Information
ISC BIND
https://kb.isc.org/article/AA-01166/0/CVE-2014-3859%3A-BIND-named-can-crash-due-to-a-defect-in-EDNS-printing-processing.html

References
SecurityTracker
http://securitytracker.com/id/1030414

SecurityFocus
http://www.securityfocus.com/bid/68038

IBM ISS
http://xforce.iss.net/xforce/xfdb/93770