September 2, 2015 was not a good day for BIND users. Two new critical security vulnerabilities were announced today – both of them are remotely exploitable vulnerabilities that crash the server. The two vulnerabilities are:
ISC has release patches of its BIND software that correct the problem.
Users of BIND-based appliances from vendors such as Infoblox, Bluecat Networks, BT, Efficient IP, Radware and F5 are advised to contact their vendor for more information about the availability of a patch.
Secure64 products, which are not based on BIND, are not vulnerable to these security threats.