BIND Vulnerability Advisory (Doc ID 460710.1)

Last updated on AUGUST 26, 2013

Applies to:

Oracle Communications Policy Services - Version: 4.2.2

Symptoms

Oracle Communication Policy Services DNS and ENUM internally packages a BIND based server to provide the DNS and ENUM functionality.

Recently, a vulnerability has been identified in ISC BIND, which could be exploited by attackers to gain knowledge of sensitive information and poison a DNS cache. This issue is caused by an error within the DNS query ID generation code when answering questions as a resolver or when sending NOTIFYs to slave name servers, which could allow attackers to potentially guess the next query ID and perform cache poisoning.

Changes

All systems with ISC BIND 9 through 9.5.0 a5 are affected

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms