Release date:
Updated on:
Affected Systems:
ISC BIND 9.8.x
ISC BIND 9.6.x
Description:
--------------------------------------------------------------------------------
BIND is a widely used implementation of the DNS protocol.
ISC BIND 9.9.4-P1, 9.8.6-P1 and 9.6-ESV-R10-P1 have a security vulnerability in the Winsock WSAIoctl API when processing the "255.255.255.255" netmask. Attackers can exploit this vulnerability to bypass ACLs and obtain the access granted by the "localnets" ACL. This vulnerability affects only ISC BIND running on Windows.
<* Source: Michal Zalewski (lcamtuf@echelon.pl)
Link: http://secunia.com/advisories/55607/
*>
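To see which features of a Windows BIND host depend on the "localnets" ACL described above, the following added example (not ISC's code and not part of the original advisory) scans named.conf text for address match lists that reach localnets directly or through a named acl. The function names and the sample configuration are constructed for illustration. It assumes BIND's documented default of { localnets; localhost; } when none of allow-recursion, allow-query-cache or allow-query is set, and it is a text-level check rather than a full named.conf parser.

```python
import re

def strip_comments(text):
    """Drop the /* */, // and # comment styles that named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def blocks(text, head):
    """Yield (keyword_or_name, body) for each `<head> { ... }`, braces balanced."""
    for m in re.finditer(head + r"\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def tokens(body):
    return set(re.findall(r"[\w.-]+", body))

def localnets_exposure(conf):
    """Return [(option, [ACL names])] for match lists that reach localnets."""
    text = strip_comments(conf)
    acls = {n: tokens(b) for n, b in blocks(text, r'\bacl\s+"?([\w.-]+)"?')}
    reach, grew = {"localnets"}, True
    while grew:  # transitive closure over acl-in-acl references
        new = {n for n, t in acls.items() if t & reach} - reach
        reach, grew = reach | new, bool(new)
    opts = r"\b(allow-[\w-]+|blackhole|match-clients|match-destinations)"
    found = [(o, sorted(tokens(b) & reach)) for o, b in blocks(text, opts)
             if tokens(b) & reach]
    # Assumption: no explicit allow-recursion / allow-query-cache / allow-query
    # means named falls back to its documented default { localnets; localhost; }.
    if not re.search(r"\ballow-(recursion|query-cache|query)\s*\{", text):
        found.append(("allow-recursion (default)", ["localnets"]))
    return found

# Constructed sample configuration (not taken from the advisory).
SAMPLE = '''
acl "office" { 192.0.2.0/24; localnets; };   // wraps the built-in ACL
acl "admins" { office; 198.51.100.7; };      /* reaches localnets via office */
options {
    allow-recursion { admins; };
    allow-transfer  { 203.0.113.5; };   # not affected
};
'''

if __name__ == "__main__":
    for option, via in localnets_exposure(SAMPLE):
        print(f"{option}: gated by {', '.join(via)}")
```

Negated entries such as !localnets are reported as well, because their effect also changes when the built-in ACL is computed incorrectly.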
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
ISC
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.isc.org/software/bind/advisories/
http://www.isc.org/downloads
https://kb.isc.org/article/AA-01062
References:
http://archives.neohapsis.com/archives/bind/current/0047.html
http://archives.neohapsis.com/archives/bind/current/0048.html
http://archives.neohapsis.com/archives/bind/current/0049.html