<<< JPCERT/CC Alert 2018-01-17 >>>
Alert Regarding Vulnerability in ISC BIND 9
ISC BIND 9 contains a vulnerability that leads to a denial-of-service
(DoS). When this vulnerability is exploited, a remote attacker may
cause named to terminate. According to ISC, cache DNS servers that have
DNSSEC verification enabled are affected. For more details on this
vulnerability, please refer to the information provided by ISC.
Internet Systems Consortium, Inc. (ISC)
CVE-2017-3145: Improper fetch cleanup sequencing in the resolver can cause named to crash
In addition, ISC has rated the severity of the vulnerability CVE-2017-3145
If you are operating an affected version of ISC BIND 9, please consider
updating to a version that addresses this vulnerability by referring to
the information in "III. Solution".
II. Affected Systems
According to ISC, the following versions are affected by this
- CVE-2017-3145 : High
- Versions from 9.9.0 to 9.9.11
- Versions from 9.10.0 to 9.10.6
- Versions from 9.11.0 to 9.11.2
- Versions 9.0.x to 9.8.x which are no longer supported are also affected
For more details, please refer to the following:
BIND 9 Security Vulnerability Matrix
If you are using BIND provided by a distributor, please refer to the
information provided by that distributor.
ISC has released versions of ISC BIND 9 that address these vulnerabilities.
Distributors are likely to provide their own versions that address
these vulnerabilities. Consider updating to an updated version after
Versions that address these vulnerabilities are as follows:
- BIND 9 version 9.9.11-P1
- BIND 9 version 9.10.6-P1
- BIND 9 version 9.11.2-P1
ISC has recommended disabling DNSSEC verification as a workaround until
an updated version can be applied.
ISC Releases Security Updates for BIND
Japan Registry Services (JPRS)
(Urgent) Vulnerability in BIND 9.x (DNS Service stoppage) (CVE-2017-3145) (Japanese)
- Affected only when DNSSEC verification is enabled, updating strongly recommended -
If you have any information regarding this alert, please contact
JPCERT Coordination Center (JPCERT/CC)
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602