Vulnerability identifier: #VU14291
Vulnerability risk: Medium
Exploitation vector: Network
Exploit availability: No
Server applications / DNS servers
The vulnerability allows an attacker to perform denial of service (DoS) attack.
The vulnerability exists due to INSIST assertion failure in name.c when processing recursive queries. A remote attacker can trigger denial of service conditions if the affected server is configured with enabled "deny-answer-aliases" feature.
Update to version 9.9.13-P1, 9.10.8-P1, 9.11.3-S3, 9.11.4-P1 or 9.12.2-P1
Vulnerable software versions
ISC BIND: 9.7.0 - 9.13.2
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?