PROBLEM:
A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to bypass certain security restrictions.
PLATFORM:
ISC BIND 9.2.x
ISC BIND 9.3.x
ISC BIND 9.4.x
ISC BIND 9.5.x
ISC BIND 9.6.x
ISC BIND 9.7.x
ISC BIND 9.8.x
ABSTRACT:
The vulnerability is caused due to an error within the cache update policy.
referenceĀ LINKS:
Original Advisory
Secunia Advisory SA47884
CVE-2012-1033
IMPACT ASSESSMENT:
High
Discussion:
Researchers discovered a vulnerability affecting the large majority of popular DNS implementations which allows a malicious domain name to stay resolvable long after it has been removed from the upper level servers. The issue, which is in all versions of BIND 9, exploits a vulnerability in DNS cache update policy, which prevents effective domain name revocation. Attackers could cause a malicious domain name to be continuously resolvable even after the delegated data has been deleted from the domain registry and after the TTL associated with entry supposedly expires
Impact:
Remote security Bypass
Solution:
The vendor is currently working a fix.