ISC BIND Security Bypass Vulnerability

Summary

ISC BIND is prone to a security-bypass vulnerability.

Credit:

The information has been provided by Haixin Duan, Jianping Wu, Jian Jiang and Jinjin Liang of Tsinghua University, Jun Li of University of Oregon, Carlos III of University of Madrid, Kang Li of University of Georgia.
The original article can be found at: http://www.securityfocus.com/bid/51898


Details

Vulnerable Systems:
 * ISC BIND 9.6 and prior

Successfully exploiting this issue will cause the application to retain domain names resolvable even after the names are removed from the upper level servers.

Vendor Status:
ISC had issued an update for this vulnerability

Patch Availability:
http://www.isc.org/software/bind/advisories/cve-2012-1033

CVE Information:
CVE-2012-1033

Disclosure Timeline:
Initial Release: Jun 07 2012

Categories: News