ISC BIND 9 Cache Poisoning Vulnerability via Unsolicited Resource Records

Vulnerability

A cache poisoning vulnerability has been identified in ISC BIND 9. This issue arises because BIND is overly permissive in accepting certain records from responses, which can allow an attacker to inject forged data into the DNS cache. This vulnerability affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, as well as specific preview versions. While authoritative services are believed to be unaffected, this vulnerability poses a significant risk to BIND resolvers, potentially disrupting the resolution of future queries by injecting false records into the cache.

Impact

Exploitation of this vulnerability allows for the injection of forged records into the DNS cache, which can mislead future query resolutions. This behavior is particularly concerning for BIND resolvers, as it can create persistent inaccuracies in DNS responses.

Remediation

Users are advised to upgrade to BIND 9.18.41, 9.20.15, or 9.21.14. For those using BIND Supported Preview Edition, the equivalent versions are 9.18.41-S1 and 9.20.15-S1.
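As an added example (not part of the advisory and not ISC tooling), the affected ranges and fixed releases listed above can be turned into a triage check for a resolver inventory. It takes a bare version string or a version banner such as `named -v` prints; the function name `classify`, the hostnames and the sample banners are constructed for illustration. Versions the advisory does not list, including the unnamed preview releases, are reported as unknown rather than guessed.

```python
import re

# Affected ranges and fixed releases, copied from the advisory text above.
AFFECTED = [((9, 11, 0), (9, 16, 50)), ((9, 18, 0), (9, 18, 39)),
            ((9, 20, 0), (9, 20, 13)), ((9, 21, 0), (9, 21, 12))]
FIXED = {(9, 18): 41, (9, 20): 15, (9, 21): 14}  # branch -> first fixed patch level

# major.minor.patch with an optional Supported Preview Edition suffix (-S1, ...)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(-S\d+)?")


def classify(version_text):
    """Return 'affected', 'fixed' or 'unknown' for a version string or banner."""
    m = VERSION_RE.search(version_text)
    if not m:
        return "unknown"
    ver = tuple(int(part) for part in m.group(1, 2, 3))
    is_preview = m.group(4) is not None
    first_fixed = FIXED.get(ver[:2])
    # Assumption: later releases on a branch keep the fix of the listed release.
    if first_fixed is not None and ver[2] >= first_fixed:
        return "fixed"
    if is_preview:
        # The advisory says "specific preview versions" without listing them.
        return "unknown"
    if any(low <= ver <= high for low, high in AFFECTED):
        return "affected"
    # Gaps such as 9.18.40 are not covered by the advisory: do not guess.
    return "unknown"


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and banners are made up).
    inventory = {
        "resolver-a": "BIND 9.18.39 (Extended Support Version) <id:constructed>",
        "resolver-b": "BIND 9.20.15 (Stable Release) <id:constructed>",
        "resolver-c": "BIND 9.18.39-S1 (Extended Support Version) <id:constructed>",
        "resolver-d": "BIND 9.16.50 (Extended Support Version) <id:constructed>",
    }
    for host, banner in inventory.items():
        print(f"{host:12} {classify(banner):9} {banner}")
```

Distribution packages can carry backported fixes under an older upstream version number, so an "affected" result from a version string alone should be confirmed against the vendor's package changelog.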

Added: Oct 22, 2025, 6:38 PM
Updated: Oct 22, 2025, 9:35 PM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.