BIND9: unauthorized dynamic updates


Description: An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update.

Affected versions:

  • 9.4.0 -> 9.8.8
  • 9.9.0 -> 9.9.10-P1
  • 9.10.0 -> 9.10.5-P1
  • 9.11.0 -> 9.11.1-P1
  • 9.9.3-S1 -> 9.9.10-S2
  • 9.10.5-S1 -> 9.10.5-S2
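
A version check against the affected ranges listed above, as an added example that is not part of the original advisory. It assumes the `BIND <version>` string printed by `named -v`, treats -S (Supported Preview Edition) builds as a separate track from standard releases, and returns None for strings it cannot classify, such as pre-release builds; the function names and sample strings are constructed for illustration.

```python
import re

# Affected ranges copied from the advisory above, inclusive at both ends.
AFFECTED = [
    ("9.4.0", "9.8.8"),
    ("9.9.0", "9.9.10-P1"),
    ("9.10.0", "9.10.5-P1"),
    ("9.11.0", "9.11.1-P1"),
    ("9.9.3-S1", "9.9.10-S2"),
    ("9.10.5-S1", "9.10.5-S2"),
]

# x.y.z with an optional -P<n> or -S<n> suffix. The lookahead rejects
# pre-release strings such as 9.11.0rc1 instead of reading them as 9.11.0.
_VERSION = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:-([PS])(\d+))?(?![A-Za-z0-9])")


def parse(text):
    """Return (track, key) for the first version found in text, or None.

    track is "S" for -S builds and "std" otherwise; key orders versions
    within one track as (major, minor, patch, suffix level).
    """
    m = _VERSION.search(text)
    if m is None:
        return None
    major, minor, patch, kind, level = m.groups()
    track = "S" if kind == "S" else "std"
    return track, (int(major), int(minor), int(patch), int(level or 0))


def is_affected(version_text):
    """True or False for a classifiable version, None when it cannot be parsed."""
    parsed = parse(version_text)
    if parsed is None:
        return None
    track, key = parsed
    for low, high in AFFECTED:
        low_track, low_key = parse(low)
        high_track, high_key = parse(high)
        # A range applies only to builds on the same track as its bounds.
        if track == low_track == high_track and low_key <= key <= high_key:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample strings, not output captured from a real server.
    for sample in ("BIND 9.11.1-P1 <id:constructed>", "9.9.10-S3", "9.11.0rc1"):
        print(sample, "->", is_affected(sample))
```

Distribution packages often backport fixes without changing the upstream version string, so confirm a positive result against the vendor's changelog.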

Recommended action: Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from

Origin URLs:
