PT-2017-10326 · Isc+1 · Bind+1

Published: 2017-01-11 · Updated: 2024-06-15 · CVE-2016-9778

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

BIND versions 9.9.8-S1 through 9.9.8-S3
BIND versions 9.9.9-S1 through 9.9.9-S6
BIND versions 9.11.0 through 9.11.0-P1

Description

The issue arises from an error in handling certain queries, which can cause an assertion failure when the nxdomain-redirect feature is used to cover a zone for which the server is also providing authoritative service. An attacker could intentionally stop a vulnerable server if it accepts a query with the required attributes. This issue affects the nxdomain-redirect feature, which is one of two methods of handling NXDOMAIN redirection, and is only available in certain versions of BIND. Redirection using zones of type redirect is not affected.

Recommendations

For BIND versions 9.9.8-S1 through 9.9.8-S3, update to a version outside of this range to resolve the issue.
For BIND versions 9.9.9-S1 through 9.9.9-S6, update to a version outside of this range to resolve the issue.
For BIND versions 9.11.0 through 9.11.0-P1, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider disabling the nxdomain-redirect feature until a patch is available.
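
The following check is an added example, not part of the original advisory or of BIND: it flags a server as exposed when its version falls in one of the affected ranges listed above and its configuration enables nxdomain-redirect. The function names, the bare version-string input format, and the sample configuration are assumptions made for illustration; comment stripping is simplified and does not account for comment markers inside quoted strings.

```python
import re

# Affected ranges from the advisory above: release -> (suffix kind, low, high).
# A plain release such as 9.11.0 is treated as patch level P0.
AFFECTED = {
    (9, 9, 8): ("S", 1, 3),
    (9, 9, 9): ("S", 1, 6),
    (9, 11, 0): ("P", 0, 1),
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([SP])(\d+))?$")
# named.conf comment styles: /* ... */, // ..., # ...
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
REDIRECT_RE = re.compile(r'(?<![\w-])nxdomain-redirect\s+"?([^\s";]+)"?\s*;')


def version_affected(version):
    """True if a bare version string (e.g. '9.9.9-S4') is in a listed range."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognized BIND version string: {version!r}")
    release = tuple(int(x) for x in m.group(1, 2, 3))
    kind, level = (m.group(4), int(m.group(5))) if m.group(4) else ("P", 0)
    rng = AFFECTED.get(release)
    return rng is not None and rng[0] == kind and rng[1] <= level <= rng[2]


def redirect_namespaces(conf_text):
    """Return every active (non-commented) nxdomain-redirect value."""
    return REDIRECT_RE.findall(COMMENT_RE.sub("", conf_text))


def exposed(version, conf_text):
    """Affected version AND the nxdomain-redirect feature is switched on."""
    return version_affected(version) and bool(redirect_namespaces(conf_text))


# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """
options {
    directory "/var/named";
    // nxdomain-redirect old.example;
    nxdomain-redirect "redirect.example";
};
"""

if __name__ == "__main__":
    for v in ("9.9.8-S2", "9.9.9-S7", "9.11.0", "9.11.0-P2"):
        print(v, "exposed" if exposed(v, SAMPLE_CONF) else "not exposed")
```
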

Fix

DoS


Weakness Enumeration

Related Identifiers

CVE-2016-9778
MGASA-2017-0478
OPENSUSE-SU-2024:10650-1

Affected Products

Bind
Bind Server