FYI...BIND 9 updates released
5 December update... "... Workarounds
The best solution is to upgrade. Upgrade BIND to one of the following patched versions: BIND 9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1, 9.4-ESV-R5-P15 December Update
: For customers who are unable to migrate immediately to a patched version of BIND, there is now a mitigation strategy available. ISC continues to strongly recommend installing a patched version as the safest course of action, but if circumstances prevent you from doing so you can still reduce or eliminate your exposure to the CVE-2011-4313 vulnerability with a configuration option addition to named.conf.
Please see this Supplemental page* in our KnowledgeBase for full details of this workaround and other operational considerations...
Last Updated: 2011-12-05
Authoritative-only servers are -not- vulnerable. Only servers acting in a recursive / resolving capacity are affected.
Recursive servers are vulnerable if they query zones which you do not directly control (for example, if they query zones on the internet.)
Resolving queries through a forwarder does not prevent exposure to this vulnerability.
You are potentially vulnerable if you resolve queries for data provided by a third party. Examples could include addresses in email, html links in web pages, or queries submitted by users..."
16 November 2011 - "... reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))" Multiple versions were reported being affected, including all currently supported release versions of ISC BIND 9...
Versions affected: All currently supported versions of BIND, 9.4-ESV, 9.6-ESV, 9.7.x, 9.8.x
Exploitable: Remotely ...
Workarounds: No workarounds are known. The solution is to upgrade. Upgrade BIND to one of the following patched versions: BIND 9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1, 9.4-ESV-R5-P1
Active exploits: Under investigation
Solution: Patches mitigating the issue are available at:https://www.isc.org/software/bind/981-p1https://www.isc.org/software/bind/974-p1https://www.isc.org/software/bind/96-esv-r5-p1https://www.isc.org/software/bind/94-esv-r5-p1
Last Update: 2011-11-17
Criticality level: Highly critical
Where: From remote
... vulnerability is reported in versions 9.4-ESV, 9.6-ESV, 9.7.x, 9.8.x.
Solution: Update to a fixed version or apply patch (please see the vendor's advisory* for details)....
CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4313
Date: Nov 17 2011
Impact: Denial of service via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 9.4-ESV, 9.6-ESV, 9.7.x, 9.8.x ...
Last Updated: 2011-11-17 12:58:47 UTC
17 November 2011 - "... Update: Patches for Red Hat Enterprise Linux have been released; the advisories RHSA-2011:1458 and RHSA-2011:1459 contain further details."
16th November 2011 22:17 GMT - "... apparently being exploited to attack networks, with multiple members of the BIND users email list from Germany, France and the US reporting simultaneous crashes across multiple servers..."