BIND 9¾Ü¾øЧÀÍÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2018-08-10

Îó²î±àºÅºÍ¼¶±ð


CVE-2018-5740£¬£¬£¬ £¬£¬£¬£¬¸ßΣ£¬£¬£¬ £¬£¬£¬£¬³§ÉÌ×ÔÆÀ£º7.5£¬£¬£¬ £¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


BIND 9.7.0->9.8.8£¬£¬£¬ £¬£¬£¬£¬9.9.0->9.9.13£¬£¬£¬ £¬£¬£¬£¬9.10.0->9.10.8£¬£¬£¬ £¬£¬£¬£¬ 9.11.0->9.11.4£¬£¬£¬ £¬£¬£¬£¬9.12.0->9.12.2£¬£¬£¬ £¬£¬£¬£¬9.13.0->9.13.2


Îó²î¸ÅÊö


¡°deny-answer-aliases¡±ÊÇÒ»¸öºÜÉÙʹÓõĹ¦Ð§£¬£¬£¬ £¬£¬£¬£¬Ö¼ÔÚ×ÊÖúÓòÃûµÝ¹éЧÀÍÆ÷±£» £»£»¤×îÖÕÓû§ÃâÊÜDNSÖØа󶨹¥»÷£¬£¬£¬ £¬£¬£¬£¬ÕâÊÇÒ»ÖÖÈƹý¿Í»§¶Ëä¯ÀÀÆ÷ʹÓõÄÇ徲ģ×ÓµÄÌæ»»ÒªÁì¡£¡£¡£ ¿ÉÊÇ£¬£¬£¬ £¬£¬£¬£¬´Ë¹¦Ð§ÖеÄȱÏÝʹµÃÔÚʹÓøù¦Ð§Ê±£¬£¬£¬ £¬£¬£¬£¬ÈÝÒ×ÔÚname.cÖÐÓöµ½¶ÏÑÔʧ°Ü£¬£¬£¬ £¬£¬£¬£¬·Ç¾ÓÐÄ»ò¾ÓÐÄ´¥·¢´ËȱÏݽ«µ¼ÖÂÏÂÁîÖеÄREQUIRE¶ÏÑÔʧ°Ü£¬£¬£¬ £¬£¬£¬£¬´Ó¶øµ¼ÖÂBINDÀú³Ì×èÖ¹Ö´Ðв¢µ¼Ö¾ܾøΪ¿Í»§¶ËÌṩЧÀÍ¡£¡£¡£ Ö»ÓÐÃ÷È·ÆôÓá°deny-answer-aliases¡±¹¦Ð§µÄЧÀÍÆ÷²ÅÓÐΣº¦£¬£¬£¬ £¬£¬£¬£¬½ûÓøù¦Ð§¿ÉÒÔ×èÖ¹Îó²îʹÓᣡ£¡£


Îó²îÑéÖ¤


ÏÖÔÚûÓÐpocÐû²¼¡£¡£¡£


ÐÞ¸´½¨Òé


´ó´ó¶¼ÏµÍ³²Ù×÷Ô±²»ÐèÒª¾ÙÐÐÈκθü¸Ä£¬£¬£¬ £¬£¬£¬£¬³ý·ÇËûÃÇʹÓá°deny-answer-aliases¡±¹¦Ð§£¨ÔÚBIND 9ÖÎÀíÔ±²Î¿¼ÊÖ²áµÚ6.2½ÚÖÐÓÐÐÎò£©¡£¡£¡£¡°deny-answer-aliases¡±Ä¬ÈÏÊǹرյģ¬£¬£¬ £¬£¬£¬£¬Ö»ÓÐÃ÷È·ÆôÓÃËüµÄÉèÖòŻáÊܵ½´ËȱÏݵÄÓ°Ïì¡£¡£¡£
ÈôÊÇÄúʹÓá°deny-answer-aliases¡±¹¦Ð§£¬£¬£¬ £¬£¬£¬£¬ÇëÉý¼¶µ½ÓëÄúÄ¿½ñ°æ±¾µÄBIND×îÇ×½üÏà¹ØµÄÐÞ²¹°æ±¾¡£¡£¡£https://kb.isc.org/article/AA-00913
9.9.13-P1
9.10.8-P1
9.11.4-P1
9.12.2-P1

9.11.3-S3


²Î¿¼Á´½Ó


https://securityaffairs.co/wordpress/75200/security/bind-dns-software-dos.html
https://kb.isc.org/article/AA-01639/0/CVE-2018-5740%3A-A-flaw-in-the-deny-answer-aliases-feature-can-cause-an-INSIST-assertion-failure-in-named.html
https://kb.isc.org/article/AA-00913