Infoblox Support Alert - Important Infoblox Notification Regarding BIND Security Vulnerability
Posted: 02/08/2015
On July 28, 2015, the Internet Systems Consortium (ISC) announced a remotely exploitable denial of service vulnerability in BIND [CVE-2015-5477]. A maliciously-constructed packet can cause denial of service on authoritative and recursive DNS servers by exploiting an error in the handling of queries for TKEY records.
Infoblox has been informed that proof-of-concept code for an exploit has been published by a third party to a public source repository. As this development significantly increases the risk that this vulnerability will be exploited, please take steps to patch or upgrade to a secure version as soon as possible.
Infoblox has created a fix, and patches are available for download on the Infoblox Support site.
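A defender-side check for the traffic described above, added here as an example and not part of the Infoblox notice: it parses raw DNS messages and flags queries whose question type is TKEY (type 249, RFC 2930) so that their sources can be reviewed. The function names, sample names and addresses are constructed for illustration; a flagged message is a TKEY query, which servers using TKEY legitimately will also receive.

```python
import struct

QTYPE_TKEY = 249  # TKEY resource record type (RFC 2930)

def _skip_name(msg, off):
    """Return the offset just past the domain name that starts at off."""
    while off < len(msg):
        length = msg[off]
        if length == 0:                 # root label terminates the name
            return off + 1
        if length & 0xC0 == 0xC0:       # compression pointer terminates the name
            return off + 2
        if length & 0xC0:               # reserved label types
            raise ValueError("bad label type")
        off += 1 + length
    raise ValueError("truncated name")

def question_types(msg):
    """Return the QTYPE of every question in a raw DNS message."""
    if len(msg) < 12:
        raise ValueError("short header")
    qdcount = struct.unpack_from("!H", msg, 4)[0]
    off, types = 12, []
    for _ in range(qdcount):
        off = _skip_name(msg, off)
        if off + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, _qclass = struct.unpack_from("!HH", msg, off)
        types.append(qtype)
        off += 4
    return types

def is_tkey_query(msg):
    """True for a query (QR bit clear) asking for TKEY; malformed input is False."""
    try:
        is_query = len(msg) >= 12 and not (msg[2] & 0x80)
        return is_query and QTYPE_TKEY in question_types(msg)
    except ValueError:
        return False

def build_query(name, qtype):
    """Constructed sample input: a minimal one-question DNS query."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

# Constructed capture: source address -> raw DNS payload.
SAMPLES = {"192.0.2.10": build_query("example.test", 1),
           "192.0.2.66": build_query("example.test", QTYPE_TKEY)}

def flagged_sources(samples):
    """Return the sorted source addresses that sent a TKEY query."""
    return sorted(src for src, msg in samples.items() if is_tkey_query(msg))
```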
Affected Versions
All currently supported versions of Infoblox NIOS are impacted by CVE-2015-5477, except as noted below:
Exception for Infoblox Advanced DNS Protection customers:
Customers using Infoblox Advanced DNS Protection (in block mode) are protected from this vulnerability as offending packets are dropped.
Please note: if you are running ADP in Monitor mode you are still vulnerable. Advanced DNS Protection customers are still encouraged to upgrade to patched versions of NIOS.
Impact
Both recursive and authoritative DNS servers (internal & external) are affected by this vulnerability. Exploitation of the vulnerability can result in denial of service on the DNS server. There is no known risk that the vulnerability can be exploited to assume control of the DNS server, or to exfiltrate data.
Recommended Actions
1) Infoblox strongly recommends that customers upgrade the NIOS software on their authoritative or recursive DNS servers (internal or external) to one of the following patched NIOS releases:
• 6.12.9
• 7.0.5
• 7.1.4
• 7.2.0
The patched versions are available from the Downloads page on the Infoblox support site.
2) Please subscribe to the “Security Alerts” Knowledge Base so you get automatic notifications of any future security alerts.
To subscribe click on the link above and select “Notify Me” at the bottom of the knowledge base page.
For more information, please read the Infoblox Support Portal Knowledge Base Article #4200.
The security and reliability of your DNS system is a top priority for Infoblox.
Keep up to date with the latest news
The Teneo Technical Support Team will be keeping up to date with all of the latest information and updates, so please get in touch with any questions or concerns at support@teneo.net
To keep up to date with what we know, follow us on Twitter