ISC has released updates for BIND 9 to patch high-severity vulnerabilities involving cache poisoning and cache injection flaws. These security flaws could allow attackers to spoof responses, inject forged records, or cause server DoS, but they do not impact authoritative servers. Users are urged to update to the latest versions to mitigate risks. #BIND #DNSVulnerabilities
Keypoints
- ISC announced critical security updates for BIND 9 to fix three major vulnerabilities.
- The vulnerabilities include cache poisoning, record injection, and denial-of-service issues.
- Two of the flaws have a CVSS score of 8.6, indicating high severity, while the DoS is rated 7.5.
- All addressed flaws affect BIND resolvers, but not authoritative DNS servers.
- Organizations should update to the latest BIND versions to prevent potential exploits.
Read More: https://www.securityweek.com/bind-updates-address-high-severity-cache-poisoning-flaws/